strongSwan KVM Tests / ikev2 / protoport-trap

Test ikev2/protoport-trap

Description

Using [<protocol>/<port>] selectors in the local_ts and remote_ts child parameters, two IPsec tunnels between the roadwarrior carol and the gateway moon are defined. The first CHILD_SA is restricted to ICMP packets and the second covers TCP-based SSH connections.

By sending a ping to the client alice behind moon, the ICMP trap is triggered and the corresponding IPsec tunnel is set up. In the same way, an SSH session to alice is established over the second IPsec SA.
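A swanctl.conf sketch of the roadwarrior side of such a setup, added here as an illustration and not taken from the test scenario's own configuration files. The addresses, subnet, identities, certificate file name, and connection and child names are constructed placeholders, and start_action = trap is assumed as the way the trap policies get installed.

```conf
# Added example, not the test scenario's configuration.
# Addresses, identities and names below are constructed placeholders.
connections {
   home {
      version = 2
      remote_addrs = 192.0.2.1            # gateway (placeholder address)

      local {
         auth = pubkey
         certs = clientCert.pem           # placeholder file name
         id = client@example.org          # placeholder identity
      }
      remote {
         auth = pubkey
         id = gateway.example.org         # placeholder identity
      }

      children {
         # First CHILD_SA: ICMP only, no port part in the selector
         icmp {
            local_ts  = dynamic[icmp]
            remote_ts = 10.1.0.0/16[icmp] # placeholder subnet behind the gateway
            start_action = trap           # install a trap policy, negotiate on first match
         }
         # Second CHILD_SA: TCP to the SSH port only
         ssh {
            local_ts  = dynamic[tcp]      # any local source port
            remote_ts = 10.1.0.0/16[tcp/ssh]
            start_action = trap
         }
      }
   }
}
```

With this sketch, traffic to the subnet that matches neither selector, such as TCP to another port, hits no trap policy and brings up no CHILD_SA. `swanctl --list-pols` shows the installed trap policies, and `swanctl --list-sas` shows the CHILD_SAs once the ping and the SSH connection have triggered them.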
