blob: 332f8177ae2b1d05b6e669332086bdff0a2c6f87 (
plain)
1
2
3
4
5
6
|
In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
marks all incoming AH packets with the ESP mark. The tunnel mode connection is
tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind
gateway <b>moon</b>.
|