| 12345678910 |
- A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
- The authentication is based on <b>X.509 certificates</b>. Upon the successful
- establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
- inserts iptables-based firewall rules that let pass the tunneled traffic.
- After a while the CHILD_SA is rekeyed by <b>moon</b> (after a deliberately short
- time in this test scenario).
- In order to test both tunnel and firewall after the rekeying, client <b>alice</b>
- behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>
- twice, once right after the rekeying and once after the old inbound SA has been
- deleted.
|
