diff options
Diffstat (limited to 'testing/tests/ikev1/protoport-pass/description.txt')
| -rw-r--r-- | testing/tests/ikev1/protoport-pass/description.txt | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/testing/tests/ikev1/protoport-pass/description.txt b/testing/tests/ikev1/protoport-pass/description.txt new file mode 100644 index 000000000..63744fa47 --- /dev/null +++ b/testing/tests/ikev1/protoport-pass/description.txt @@ -0,0 +1,13 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +Using the <b>left|rightprotoport</b> selectors, the IPsec tunnel is +restricted to the ICMP protocol. Upon the successful establishment of the +IPsec tunnel, <b>firewall=yes</b> automatically inserts iptables-based +firewall rules that let pass the tunneled ICMP traffic. In order to test +both tunnel and firewall, <b>carol</b> pings the client <b>alice</b> behind +the gateway <b>moon</b> as well as the inner interface of the gateway. +For the latter ping <b>lefthostaccess=yes</b> is required. +<p> +By default, the native IPsec stack of the Linux 2.6 kernel transmits +protocols and ports not covered by any IPsec SA in the clear. Thus by +selectively opening the firewalls, <b>carol</b> sets up an SSH session to +<b>alice</b> that is not going through the tunnel. |