strongSwan KVM Tests / libipsec / net2net-trap

Test libipsec/net2net-trap

Description

A tunnel connecting the subnets behind the gateways moon and sun is preconfigured by installing a trap policy on gateway moon, using the setting start_action = trap in swanctl.conf. A subsequent ping issued by client alice behind gateway moon to bob, located behind gateway sun, matches the trap policy and triggers an acquire, which leads to the automatic establishment of the subnet-to-subnet tunnel.

Upon successful establishment of the IPsec tunnel, an updown script automatically inserts iptables-based firewall rules that allow the traffic tunneled through the ipsec0 tun interface created by libipsec. To test both the tunnel and the firewall rules, client alice behind gateway moon pings client bob located behind gateway sun.
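As an added illustration, not the test's own configuration files, the following swanctl.conf fragment shows where the trap policy is configured on gateway moon. The addresses, identities, certificate file name, proposals and updown script path are assumed values, not taken from this page.

```conf
# Assumed swanctl.conf fragment for gateway moon (example, not the test's own file).
# The trap policy is installed at startup; the first packet from 10.1.0.0/16
# to 10.2.0.0/16 triggers an acquire and charon negotiates the CHILD_SA.
connections {
    net-net {
        # Assumed gateway addresses
        local_addrs  = 192.168.0.1
        remote_addrs = 192.168.0.2

        local {
            auth  = pubkey
            certs = moonCert.pem            # assumed certificate file
            id    = moon.strongswan.org     # assumed identity
        }
        remote {
            auth = pubkey
            id   = sun.strongswan.org       # assumed identity
        }

        children {
            net-net {
                # Subnets behind moon and sun (assumed)
                local_ts  = 10.1.0.0/16
                remote_ts = 10.2.0.0/16

                # Install a trap policy instead of initiating at startup;
                # traffic matching the selectors above triggers the tunnel.
                start_action = trap

                # Updown script that inserts the iptables rules for the
                # ipsec0 tun interface once the CHILD_SA is up (path assumed).
                updown = /usr/local/libexec/ipsec/_updown iptables

                esp_proposals = aes128gcm128-x25519   # assumed proposal
            }
        }

        version   = 2
        proposals = aes128-sha256-x25519              # assumed proposal
    }
}
```

With this configuration, `swanctl --list-pols` on moon shows the trap policy before any SA exists, and `swanctl --list-sas` shows the CHILD_SA only after alice's first ping has triggered the acquire.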
