use static IPsec policy iptables rule for alice in mobike scenario
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 25 Nov 2008 08:11:14 +0000 (08:11 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 25 Nov 2008 08:11:14 +0000 (08:11 -0000)
testing/tests/ikev2/mobike/hosts/alice/etc/init.d/iptables
testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf

index db18182..cf0d65c 100755 (executable)
@@ -17,6 +17,10 @@ start() {
        /sbin/iptables -P OUTPUT DROP
        /sbin/iptables -P FORWARD DROP
 
+        # allow IPsec tunnel traffic
+        iptables -A INPUT  -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+        iptables -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
        # allow esp
        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
        iptables -A INPUT  -i eth1 -p 50 -j ACCEPT
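Review bot: The two added `-m policy` rules accept any packet that matched an inbound or outbound ESP policy, with no address or SA restriction. That is broader than the per-connection rules which `leftfirewall=yes` (removed from ipsec.conf in this same commit) presumably installed through the updown script. The only tunnel visible for this host is `rightsubnet=10.2.0.0/16`, so the rules could be pinned to it: `iptables -A INPUT -s 10.2.0.0/16 -m policy --dir in --pol ipsec --proto esp -j ACCEPT` and `iptables -A OUTPUT -d 10.2.0.0/16 -m policy --dir out --pol ipsec --proto esp -j ACCEPT`. The comment should also say why the rule is static, for example `# static policy match (replaces leftfirewall=yes): accepts decapsulated tunnel traffic independent of interface/address, so it keeps working after a MOBIKE address change`; that rationale is inferred from the commit title and should be confirmed. start() begins and continues outside the hunk, so any matching cleanup on stop is not visible here.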
index 37e92cf..6c87468 100755 (executable)
@@ -16,7 +16,6 @@ conn mobike
        left=PH_IP_ALICE1
        leftcert=aliceCert.pem
        leftid=alice@strongswan.org
-       leftfirewall=yes
        right=PH_IP_SUN
        rightid=@sun.strongswan.org
        rightsubnet=10.2.0.0/16