diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2019-01-02 10:45:36 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2019-01-02 11:07:05 +0100 |
commit | 918094fde55fa0dbfd59a5f88d576efb513a88db (patch) | |
tree | 61e31656c60a6cc928c50cd633568043673e2cbd /testing/tests/openssl-ikev1/alg-ecp-high/description.txt | |
parent | 69bc96f6b0b388d35e983f8d27224fa49d92918c (diff) | |
download | vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.tar.gz vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.zip |
New upstream version 5.7.2
Diffstat (limited to 'testing/tests/openssl-ikev1/alg-ecp-high/description.txt')
-rw-r--r-- | testing/tests/openssl-ikev1/alg-ecp-high/description.txt | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/description.txt b/testing/tests/openssl-ikev1/alg-ecp-high/description.txt index a1f31495d..773e43a35 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/description.txt +++ b/testing/tests/openssl-ikev1/alg-ecp-high/description.txt @@ -1,17 +1,17 @@ The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b> plugin based on the <b>OpenSSL</b> library for all cryptographical and X.509 certificate functions whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> -cryptographical plugins <b>aes des sha1 sha2 md5 gmp x509</b> plus the <b>openssl</b> +cryptographical plugins <b>aes sha1 sha2 hmac gmp x509</b> plus the <b>openssl</b> plugin for the Elliptic Curve Diffie-Hellman groups only. <p> -The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. <b>carol</b> proposes the DH groups ECP_256 and ECP_384 whereas <b>dave</b> proposes ECP_256 and ECP_521. Since <b>moon</b> does not support ECP_256 the roadwarriors fall back to ECP_384 and ECP_521, respectively. <p> -Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> -automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +Upon the successful establishment of the IPsec tunnels, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>. |