blob: 809f28c570ebcd687851e104a313e70da91ccd90 (
plain)
1
2
3
4
5
6
|
In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication.
In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
marks all incoming AH packets with the ESP mark. The tunnel mode connection is
tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind
gateway <b>moon</b>.
|
