strongSwan KVM Tests / ikev2 / net2net-childless

Test ikev2/net2net-childless

Description

A connection between the subnets behind the gateways moon and sun is set up using childless initiation of IKEv2 SAs (RFC 6023).

The IKE_SA is established without a CHILD_SA during IKE_AUTH. Instead, the first CHILD_SA is created right afterwards with a CREATE_CHILD_SA exchange. This allows that CHILD_SA to use its own, separate DH exchange (and thus to have forward secrecy from the start), which is not possible for a CHILD_SA created during IKE_AUTH, because that exchange carries no KE payload and the CHILD_SA keys are derived solely from the IKE_SA's key material.

The authentication is based on X.509 certificates. Upon the successful establishment of the IPsec tunnel, the updown script automatically inserts iptables-based firewall rules that let the tunneled traffic pass. In order to test both the tunnel and the firewall, client alice behind gateway moon pings client bob located behind gateway sun.

Test topology (network diagram): alice - moon - winnetou - sun - bob
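The gateway configuration below is an added example that reproduces the scenario described above; it is not the page's own configuration (the moon and sun configuration files are not reproduced here). The addresses, identities and certificate file names are assumptions, not taken from this page; sun's configuration mirrors moon's with the local and remote sides swapped. The point of the example is the `childless = force` setting, which makes strongSwan establish the IKE_SA without a CHILD_SA in IKE_AUTH and then negotiate the first CHILD_SA, including the DH group named in `esp_proposals`, in a CREATE_CHILD_SA exchange.

```conf
# /etc/swanctl/swanctl.conf on gateway moon (assumed addresses: moon 192.168.0.1,
# sun 192.168.0.2, alice's subnet 10.1.0.0/16, bob's subnet 10.2.0.0/16)
connections {
   gw-gw {
      local_addrs  = 192.168.0.1
      remote_addrs = 192.168.0.2

      # X.509 certificate based authentication; file names are assumptions
      local {
         auth = pubkey
         certs = moonCert.pem
         id = moon.strongswan.org
      }
      remote {
         auth = pubkey
         id = sun.strongswan.org
      }

      children {
         net-net {
            local_ts  = 10.1.0.0/16
            remote_ts = 10.2.0.0/16

            # The DH group (x25519) in the ESP proposal is only honoured for a
            # CHILD_SA negotiated in CREATE_CHILD_SA; in an IKE_AUTH created
            # CHILD_SA it would be ignored and the keys derived from the IKE_SA.
            esp_proposals = aes128gcm128-x25519

            # strongSwan's stock updown script inserts iptables rules that let
            # the tunneled traffic pass once the CHILD_SA is up.
            updown = /usr/local/libexec/ipsec/_updown iptables
         }
      }

      version = 2
      mobike = no
      proposals = aes128-sha256-x25519

      # RFC 6023 childless initiation: never, allow (default), prefer or force.
      # 'force' refuses a peer that does not support childless IKE_SA initiation.
      childless = force
   }
}
```

On sun, swap `local_addrs`/`remote_addrs`, the `local`/`remote` sections and `local_ts`/`remote_ts`, and also set `childless = force` (or at least `allow`) so the responder accepts an IKE_AUTH without SA/TSi/TSr payloads. After `swanctl --load-all` on both gateways, `swanctl --initiate --child net-net` on moon should produce two exchanges in the log, IKE_AUTH and then CREATE_CHILD_SA, and `swanctl --list-sas` should show the `net-net` CHILD_SA installed under the `gw-gw` IKE_SA; a ping from alice to bob then exercises both the tunnel and the iptables rules inserted by the updown script.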
