strongSwan KVM Tests / ikev2 / lookip
Test ikev2/lookip
Description
The roadwarriors carol and dave set up a connection each to gateway moon. Both carol and dave request a virtual IP via IKEv2 configuration payloads by using the vips = 0.0.0.0 parameter. moon assigns virtual IP addresses from a simple pool defined in the pools section of swanctl.conf in a monotonously increasing order.Using the lookip --lookup command, which communicates with the lookip plugin via a UNIX socket, information about the assigned virtual IPs is retrieved.
The updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnels, carol and dave then ping the client alice behind the gateway moon. The source IP addresses of the two pings will be the virtual IPs 10.3.0.1 and 10.3.0.2, respectively.
