strongSwan KVM Tests / ikev2 / rw-mlkem

Test ikev2/rw-mlkem

Description

The roadwarriors carol and dave as well as the gateway moon use openssl plugin based on the OpenSSL library for all cryptographical functions plus the ml plugin for the post-quantum ML-KEM key exchange algorithm. The authentication is based on X.509 certificates and the key exchange on x25519-ke1_mlkem512 for carol and ecp384-ke1_mlkem786 for dave.

Upon the successful establishment of the IPsec tunnels, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both carol and dave ping the client alice behind the gateway moon.

alice moon carol winnetou dave

moon

 

carol

 

dave

 

tcpdump