strongSwan KVM Tests / ikev2 / ecdsa-pkcs8

Test ikev2/ecdsa-pkcs8

Description

The hosts carol, dave, and moon use the openssl plugin based on the OpenSSL library for all cryptographical and X.509 certificate functions.

The roadwarriors carol and dave set up a connection each to gateway moon. The authentication is based on ECDSA signatures using Elliptic Curve certificates and matching EC private keys stored in the PKCS#8 format. moon's key is unencrypted, carol's key is encrypted with the default PKCS#5 v1.5 DES algorithm and dave's key with the PKCS#5 v2.0 3DES algorithm.

Upon the successful establishment of the IPsec tunnels, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both carol and dave ping the client alice behind the gateway moon.

alice moon carol winnetou dave

moon

 

carol

 

dave

 

tcpdump