summaryrefslogtreecommitdiff
path: root/testing/tests/ikev2/mobike-nat
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/ikev2/mobike-nat')
-rw-r--r--testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules6
-rw-r--r--testing/tests/ikev2/mobike-nat/pretest.dat3
2 files changed, 6 insertions, 3 deletions
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
index 6dd261f20..450e7cef6 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules
@@ -5,11 +5,15 @@
-P OUTPUT DROP
-P FORWARD DROP
+# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953
+-A OUTPUT -o lo -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+
# allow IPsec tunnel traffic
-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-# allow ESP
+# allow ESP
-A INPUT -i eth0 -p 50 -j ACCEPT
-A INPUT -i eth1 -p 50 -j ACCEPT
-A OUTPUT -o eth0 -p 50 -j ACCEPT
diff --git a/testing/tests/ikev2/mobike-nat/pretest.dat b/testing/tests/ikev2/mobike-nat/pretest.dat
index fde195daa..68df1b533 100644
--- a/testing/tests/ikev2/mobike-nat/pretest.dat
+++ b/testing/tests/ikev2/mobike-nat/pretest.dat
@@ -5,6 +5,5 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
alice::ipsec start
sun::ipsec start
-alice::sleep 2
+alice::expect-connection mobike
alice::ipsec up mobike
-alice::sleep 1
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-10 15:43:23 +0000