strongSwan KVM Tests / ikev1-stroke / xauth-rsa

Test ikev1-stroke/xauth-rsa

Description

The roadwarriors carol and dave set up a connection to gateway moon. The authentication is based on RSA signatures (RSASIG) using X.509 certificates followed by extended authentication (XAUTH) of carol and dave based on user names equal to the IKEv1 identities carol@strongswan.org and dave@strongswan.org, respectively and corresponding user passwords defined and stored in ipsec.secrets.

Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, carol and dave ping the client alice behind the gateway moon.

alice moon carol winnetou dave

moon

carol

dave

tcpdump