From 81c63b0eed39432878f78727f60a1e7499645199 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 11 Jul 2014 07:23:31 +0200
Subject: Imported Upstream version 5.2.0

---
 .../shunt-policies-nat-rw/hosts/sun/etc/ipsec.conf | 20 ++++++++++++++++++
 .../hosts/sun/etc/iptables.rules                   | 24 ++++++++++++++++++++++
 .../hosts/sun/etc/strongswan.conf                  |  5 +++++
 3 files changed, 49 insertions(+)
 create mode 100644 testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/iptables.rules
 create mode 100644 testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf

(limited to 'testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc')

diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/ipsec.conf
new file mode 100644
index 000000000..90a8ae26e
--- /dev/null
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn nat-t
+	left=PH_IP_SUN
+	leftcert=sunCert.pem
+	leftid=@sun.strongswan.org
+	leftfirewall=yes
+	leftsubnet=0.0.0.0/0
+	right=%any
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/iptables.rules b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/iptables.rules
new file mode 100644
index 000000000..ae8f9a61e
--- /dev/null
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/iptables.rules
@@ -0,0 +1,24 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca23c6971
--- /dev/null
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
-- 
cgit v1.2.3