strongSwan KVM Tests / ikev2 / after-2038-certs
Test ikev2/after-2038-certs
Description
The roadwarrior carol sets up a connection to gateway moon. The authentication is based on X.509 certificates that are valid until the year 2039 and are issued by a certification authority with a root ca certificate valid until the year 2059. On 32-bit platforms, dates after Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type. Thus if a time wrap-around occurs during ASN.1 to time_t conversions, dates contained in the certificates are set to the maximum value, i.e. to Jan 19 03:14:07 UTC 2038. Upon the successful establishment of the IPsec tunnel, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, carol ping the client alice behind the gateway moon.