strongSwan KVM Tests / ikev1 / xauth-rsa

Test ikev1/xauth-rsa

Description

The roadwarriors carol and dave set up a connection to gateway moon. The authentication is based on RSA signatures using X.509 certificates followed by extended authentication (XAUTH) of carol and dave based on user names equal to the IKEv1 identities carol@strongswan.org and dave@strongswan.org, respectively and corresponding user passwords defined and stored in the secrets section of swanctl.conf.

Upon the successful establishment of the IPsec tunnel, the updown-script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, carol and dave ping the client alice behind the gateway moon.

alice moon carol winnetou dave

moon

 

carol

 

dave

 

tcpdump