This test is identical to x509-pluto-06, except that the policy is set to
strict, and there is no CRL. So it fails.
The network is configured as follows:
POLE
|
NORTH
|
NIC
This is a test of NAT-traversal.
The network is configured as follows:
ROAD
|
NIC---EAST--SUNRISE
A NAT is setup on NIC that does traditional NAPT on the
NORTH network.
This more
#arp -an
dig 3.1.0.192.in-addr.arpa. txt
: we expect that east can ping west
ping -c 1 -n 192.1.2.45
: we expect that this will result in a %drop, as 1.1 is not OE enabled.
ping -c 8 -n 192.0.1.1
i
This is a test of NAT-traversal.
The network is configured as follows:
POLE
|
NORTH
|
NIC---EAST--SUNRISE
A NAT is setup on NIC that does traditional NAPT on the
NORTH net
This is a test of NAT-traversal.
The network is configured as follows:
ROAD
|
NIC---EAST--SUNRISE
/
WEST
/
SUNSET
A NAT is setup on NIC that does traditi
: ==== start ====
# confirm that the network is alive
ping -n -c 4 192.0.2.254
# make sure that clear text does not get through
iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
# confirm with a ping
#arp -an
dig 3.1.0.192.in-addr.arpa. txt
: we expect that east can ping west
ping -c 1 -n 192.1.2.45
: we expect that this will result in a %pass, as 1.1 is not OE enabled.
ping -c 8 -n 192.0.1.1
i
: check out the myid that I concluded with
ipsec auto --status | grep '%myid ='
: ==== cut ====
cat /tmp/pluto.log
ipsec look
ipsec auto --status
: ==== tuc ====
: ==== end ====
TESTNAME=fail-x509-08
source /testing/pluto/bin/westlocal.sh
# confirm that the network is alive
ping -n -c 4 192.0.2.254
# make sure that clear text does not get through
iptables -A INPUT -i eth1 -s
This is a test of NAT-traversal.
The network is configured as follows:
POLE
|
NORTH
|
NIC---EAST--SUNRISE
A NAT is setup on NIC that does traditional NAPT on the
NORTH net
