strongSwan KVM Tests / ikev2 / rw-sig-auth

Test ikev2/rw-sig-auth

Description

The roadwarriors carol and dave set up a connection to gateway moon. They authenticate themselves using RSA signatures, but they use different hash algorithms. moon uses signature scheme constraints to only allow access to the research and accounting subnets if specific algorithms are used.

Note: Because the client certificates are signed with SHA-256, we have to accept that algorithm too, because signature schemes in rightauth are also used as constraints for the whole certificate chain. Therefore, carol obtains access to the research subnet behind gateway moon whereas dave has access to the accounting subnet, but not vice-versa.
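A sketch of how the constraints described above could look in moon's ipsec.conf. This is an added example, not the configuration file shipped with the test. The hash assignments (SHA-384 for research, SHA-512 for accounting), the subnets and the certificate file name are assumptions chosen for illustration.

```conf
# ipsec.conf on gateway moon (illustrative sketch, not the test's own file)
# Assumptions: carol signs with SHA-384, dave signs with SHA-512;
# subnets and certificate name are constructed placeholders.

conn %default
	keyexchange=ikev2
	# placeholder certificate file name
	leftcert=moonCert.pem
	leftauth=pubkey
	right=%any
	auto=add

conn research
	# Accepted hashes: sha384 for the roadwarrior's IKEv2 signature,
	# sha256 because the same list constrains every signature in the
	# client's certificate chain, and the certificates are SHA-256 signed.
	rightauth=pubkey-sha384-sha256
	# constructed subnet
	leftsubnet=10.1.0.0/28

conn accounting
	# Same pattern with sha512 as the accepted IKEv2 signature hash.
	rightauth=pubkey-sha512-sha256
	# constructed subnet
	leftsubnet=10.1.0.16/28

# Caveat: since sha256 has to be listed in both connections, a client that
# signs its IKEv2 authentication with SHA-256 satisfies both constraints.
# The separation only holds between the SHA-384 and SHA-512 signers.
```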

[Figure: test network topology with hosts alice, moon, carol, winnetou and dave]
