diff options
Diffstat (limited to 'testing/tests/ikev2/acert-inline/description.txt')
| -rw-r--r-- | testing/tests/ikev2/acert-inline/description.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/testing/tests/ikev2/acert-inline/description.txt b/testing/tests/ikev2/acert-inline/description.txt new file mode 100644 index 000000000..948b84725 --- /dev/null +++ b/testing/tests/ikev2/acert-inline/description.txt @@ -0,0 +1,12 @@ +<p>The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. +To authorize clients, <b>moon</b> expects attribute certificates sent inline in +IKEv2 CERT payloads. <b>Carol</b> provides a valid attribute certificate for +the group <i>sales</i>, but <b>dave</b> offers two invalid attribute +certificates: One is not for the <i>sales</i> group, and the other is issued by +an AA that has been expired.</p> +<p>Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> try +to ping the client <b>alice</b> behind the gateway <b>moon</b>, but dave fails +to do so.</p> |