strongSwan KVM Tests / ikev2 / acert-inline

Test ikev2/acert-inline

Description

The roadwarriors carol and dave each set up a connection to the gateway moon. The authentication is based on X.509 certificates. To authorize clients, moon uses locally cached attribute certificates. A valid attribute certificate for the group sales is available for carol, whereas dave's attribute certificates are either expired or do not grant permissions for the sales group.

The updown script automatically inserts iptables-based firewall rules that allow the tunneled traffic to pass. To test both the tunnel and the firewall, carol and dave each try to ping the client alice behind the gateway moon, but dave fails to do so.
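The authorization decision described above, modelled as an added example (not strongSwan code and not part of the test suite). The `AttrCert` fields, the `marketing` group and all dates are constructed assumptions, and signature and issuer trust checks are left out to focus on validity and group matching.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AttrCert:
    """Simplified stand-in for an X.509 attribute certificate (hypothetical fields)."""
    holder: str          # identity the attribute certificate is bound to
    groups: frozenset    # group memberships it asserts
    not_before: datetime
    not_after: datetime

def authorize(peer, required_group, cached_acs, now):
    """Return (allowed, reasons). A peer is allowed only if one certificate bound
    to it is inside its validity window AND grants the required group."""
    reasons = []
    for ac in cached_acs:
        if ac.holder != peer:
            continue  # bound to a different holder, never counts for this peer
        groups = ",".join(sorted(ac.groups))
        if not (ac.not_before <= now <= ac.not_after):
            reasons.append(f"AC [{groups}] rejected: outside validity window")
        elif required_group not in ac.groups:
            reasons.append(f"AC [{groups}] rejected: does not grant {required_group}")
        else:
            return True, [f"AC [{groups}] accepted"]
    if not reasons:
        reasons.append("no attribute certificate cached for this holder")
    return False, reasons

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample cache mirroring the scenario: carol has a valid "sales"
# certificate, dave has an expired "sales" one and a valid one for another group.
NOW = utc(2024, 6, 1)
CACHE = [
    AttrCert("carol", frozenset({"sales"}), utc(2024, 1, 1), utc(2025, 1, 1)),
    AttrCert("dave", frozenset({"sales"}), utc(2022, 1, 1), utc(2023, 1, 1)),
    AttrCert("dave", frozenset({"marketing"}), utc(2024, 1, 1), utc(2025, 1, 1)),
]

if __name__ == "__main__":
    for peer in ("carol", "dave"):
        allowed, reasons = authorize(peer, "sales", CACHE, NOW)
        print(peer, "allowed" if allowed else "denied", reasons)
```

The per-certificate reasons show that an expired grant and a valid grant for another group never combine into a valid authorization.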

Hosts: alice, moon, carol, winnetou, dave
