From 49a26e5b57a28dd7a403a107532e91a098c451fe Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Wed, 10 Jul 2013 20:17:44 +0200 Subject: [PATCH] Added ikev2/net2net-pkcs12 scenario --- testing/tests/ikev2/net2net-pkcs12/description.txt | 8 ++++++++ testing/tests/ikev2/net2net-pkcs12/evaltest.dat | 7 +++++++ .../ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf | 22 +++++++++++++++++++++ .../hosts/moon/etc/ipsec.d/private/moonCert.p12 | Bin 0 -> 3766 bytes .../net2net-pkcs12/hosts/moon/etc/ipsec.secrets | 3 +++ .../net2net-pkcs12/hosts/moon/etc/strongswan.conf | 6 ++++++ .../ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf | 22 +++++++++++++++++++++ .../hosts/sun/etc/ipsec.d/private/sunCert.p12 | Bin 0 -> 3764 bytes .../net2net-pkcs12/hosts/sun/etc/ipsec.secrets | 8 ++++++++ .../net2net-pkcs12/hosts/sun/etc/strongswan.conf | 6 ++++++ testing/tests/ikev2/net2net-pkcs12/posttest.dat | 6 ++++++ testing/tests/ikev2/net2net-pkcs12/pretest.dat | 7 +++++++ testing/tests/ikev2/net2net-pkcs12/test.conf | 21 ++++++++++++++++++++ 13 files changed, 116 insertions(+) create mode 100644 testing/tests/ikev2/net2net-pkcs12/description.txt create mode 100644 testing/tests/ikev2/net2net-pkcs12/evaltest.dat create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-pkcs12/posttest.dat create mode 100644 testing/tests/ikev2/net2net-pkcs12/pretest.dat create mode 100644 testing/tests/ikev2/net2net-pkcs12/test.conf diff --git a/testing/tests/ikev2/net2net-pkcs12/description.txt b/testing/tests/ikev2/net2net-pkcs12/description.txt new file mode 100644 index 0000000..e66ea19 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/description.txt @@ -0,0 +1,8 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on X.509 certificates and an RSA private key stored in +PKCS12 format. +

+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/ikev2/net2net-pkcs12/evaltest.dat b/testing/tests/ikev2/net2net-pkcs12/evaltest.dat new file mode 100644 index 0000000..2b37cad --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf new file mode 100644 index 0000000..2d31a19 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d3cca4fd5da2a59b03caff1eb372fee566393916 GIT binary patch literal 3766 zcmY+GcT5uuw}%U~Y|92gS;{U*%N|16QxF+4M5fFF778L*HnOM47OaRM1(dx}R@t(L z>?L5?Qz-NLCimX=`*Lz}lING4KYw|kq2LN)A`)mQ_$4WYP=r>*$qgbhB1|aQ1sDo; z_=|0!q2$;9Mx>Zf^1Z)kilL!a9? z<2xhPG&5-j`bg4SqqE>5k_h#k@M**we5Q1pj-em3ZoF(vG&dvXl6NnGis`ZHJ%=;v zb*zrY%Y3I}B(Vw1pl*DCP0tpT8tmgaa4(g{9Fr(m3SrHD{U}U-%;;>X{(Q9Xz(DUs z`1LKcNmuiP`Q-lZn7}DkTyc{G*u}qQn`DF<9TAxkZg;0R$Z^^h-Z z%bU>i&n3uzUkH$bmmXEk)P|Pv@c7d8Bjksx5vD6p<3#qJ&%2aLO5<;F*hh@!w91!! zELmk9O^?}Pz6n{)|H_2>gCr%gxHh#l6!x4ik{dagdG2)3$zy+Xo*7o|3kpNf-DZBT zRK_?@cTx(xccRlw)&a{!S5RgNYgE_@(oscVJkQ2??YM*q``r_ddAMPDm#uS}bJ>N2 zg><`%YkqJ`fW{X@i^=@h%^EE)`u^zpPz9ERL6o%nOM+@IDw}Jh9JVRMMejj4G{|tnC;5>!L$fE z*zyX|PEAgUC2briFZ$UKWyT*$!hj%GD?7E`j8{aiVc8JRrX7#Q#8!O^X@*#ji}N#{ zV)??V3n;y&=a;GmlOkO_%g*`r{maYYu5h`E2U>T2lQ`V6z;!ZHovf2zVb{1cu0R0 zpU~4sD~8HZPJh(8tA(JxnBl2Uj9NrV^n26_M=~=8;Wuw*<{pbXJB7=}*;v-#SYx&_ zFoXBp5T~%8r(fcgspTLmzo~xqs@Bj;S1JZSGlg8(2=m&OH{8Ql9{MMdd96C5>*yf^ z3^e_({iv+G;Wbu!LTLHAun$bjv=YXH=8-q@_ z{#iHU-0ofR!+h*}A447d7Jt3qvX4WbAa9Etm6GhO65mW#lGODu%1kEgcCmrHC`(%~ zdwRCRU{*)olOD~%9|GDfdknsSh;KmxLoJQLRLYq zw)8+a3^gY?d|>zWWtI|FzGTXTJ>4ve4%^2d&NMkhwq}}nf3o6+-%PtBN;f^0A)OAr z&TvJ4U%~$QtM~nprHYmetWd6UW2^KWkE#cm^7_BDqKxv0dz8#pjuVzUTa1S24jp$d zCCwvp18ux0eMR4oxSu>(S!hh3uqcDc%Ow~D6klyNq*?yZ|H4DrRXbzbGq(`C(Tr&k~)R9L`ybr;$@uKzvuEapDq)bzwICMMM;=?-hrS<9%pCj*Ko z$K!m&QU;Tr=&KeqmJvo&9HIz}ihYzc^84oJj0ar>i=D5f|9ps+z|0$P{8Vi~Z%2i! z26G`CC5LI*?$j6eB&2+NDBHiS7RTs*UL$v|8PDVn6$@$=H41wK05v*w9NSZZ@49p6 z@)0GHv|aS2m%K}PolBIxlbkVzM>e8`yf_3B0nYlzwf(*$)ZRpCyb^Aw9|W|xjV`Q1 z8tzpYQLx$W?^e7&Y!q6rTJJckyl?qwNPleZ$<9%d{RuDkL!*F^WHe|Lr}3n0NUv5Z z%7;bO_GvbJx>2V*?OkE2PA#{Qq-x~x3Om(JHIOe_1`VV6qvvb`tz_-`HP}IG3+SE1@_LTBpddJj8RC zLlT}75&IoN037IfdKgwjGs*s%+&oEhjuC4EH-i(^bC|^!Dk;O7dh@*ffE4k;)RLZQT3HaufW*YB5}LdJx(n4?r~MAVl5UZ^_vo1PPs4p zd|gnp5Cyjnh250v!_~mx6p#s^B|!B?iTvCT)4_+yCuDIGFG6bSFzR>xWAL(s7vG_w zAdCMH9ZV=l7Z?iC{EJopE}WF=|Fnmah!_(J+<}GyH~!0pNdB=Q+q&H%f@jD2KQ;sm z1$HL{rM8eCE8>r5zRt5<)wY|Rs~fBZtiPG%)&`THO10ClnsZWj|J;kJwkq?(H!|dy z*Lh%Ra|E|k_P8iO|rO{VE?ISPsQKU@?gf|zpz5?L|W>ueKP<9Y=&)6T|&M9jf{W(#1PEST27xitE`+e-IbWO}~ z<6F^zd2-8Nu1Q)J)(>#_^Vu$AE}yIl5zEJw@_nNvduV1@D;*}Esp{D=z2hKE6=OI?@;dtxjld{fs7_@XYKsIpZ;hpH?7*>^-anN8to0`} zb7p02l+aQQOPsN2u;DnZ@mvLtbC75_3hodw{UHjbQ&et-dne$kiH_}o9$4Ssgc`II}!ih=y4ahk7rN&tr{(Qo3>vF z#nZD~^_L?&Z+m8sf6{0jT$xzeewIcm+|I6W_ci zoR(^Q`sCe|XMJacu??hm z>ZXHv>qzq=?I{)NLMv8a*$BZ3l-p#&bU#KG+(?#SEiZ`jk{$OI%{7hH5NrR&L4-+C z5ksVX3X%PJkpOr_?azn_0UgQpoM$hqEu|Yj9U4A`n64x zxOrors)MrYV-7T`B1^-ZpT>Jo9K95y|5LSoB57Q3J@||^$jL@%cIL)LnQtExy=E;= z#Mgw|5l^DL|GxUliOc;EEGE4`r3%p)SuH+&V^*x}Gw-JC#mRa6p#CPpel4-<5+3r^ zIsC_#0_dpb{lX6R7RxOTSBB~WDW+>(k2F3pm?D(r|J#v*5k|>D4sZuN|2rPgyZ;7E zFlHblGnva4eq*Y&qY_sL6b9vnQjmfmU=m_B5CF({ze~6BXD>y=0#A=p Z(A7&y9DFqqNbY)H$SBIxME0Nh{2#XL7B~O^ literal 0 HcmV?d00001 diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets new file mode 100644 index 0000000..802cfc6 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: P12 moonCert.p12 "kUqd8O7mzbjXNJKQ" diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf new file mode 100644 index 0000000..4628e70 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf new file mode 100644 index 0000000..06bfa03 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..1a9e2aa0159c3478c91fc19636c67b392434fc25 GIT binary patch literal 3764 zcmY+GXEYm(--by=5PP*Xs)DwpNNSJTTAQM%T~vcwrACbqTB}B^*kWsIQ=(e6x7uRw z8KY{%EN`E4-uHd}{|~?OJLkI3xj)|Lf}v{Tq>EQ51WB(KdjT_kW>9{12ri*jFyZ-=E#IFb!2e}08o$w zp(t?UnwTkCGap7nu)o%klK$X`8_NL5fmoQ$Q1cbocgM#59iI*T51N`qUr9Z905(?x z(jS`t6z^Q@8|OT{E*9wwARE_}gwxwa<_ zFfaZu(NcvGW9i(SdVC%X4#^x*zJ$mX&76-RG{IcTQuZCGVF6)Hw7hi4XthUcRg}j% zd)-8R4)b%MUJe?Rn+E+fv`(j^rtVsKAP<2Gu@^! z*$=GV_=ez@-ihDnI_I9NXy<eh z^?ko>D7V}A8!>%X{F+JI;79u)q8@y!ge`scprFSl$0_b1G@bHz4!h&)UpLM<;jvtf zuA3lfVb8cWn=4@G`1J$;e0FRqei@?6v8tZ_jzXiEb?Lbw<+pZo?K@~K0eeK*8N7mY zzlGg9#*5}A?oy=#4kuNoxxq|#=3l=geY_I@DAI{`Y;MOtD=f;Amo!Ci<-iv!<_GRzBGCNcUX zx0I#z`bG)U6jvvZqJf~-CuG$r80e@?lVZV?k~XS^S7?3k9_1b}#fl5CHNUYKb6HzZ z@Im@%sW2Q;VZ=Bpd=nXbO(%Zx$MxluDUYfvhUn=oK2Ps1wU;pgy1Yx=G2kIJp3{(S zM0_RwyBl=mMZMI%T1e$}PgTaM8J0MClbM70$($zPAgDtTS2M33O|Yo(-UwjWSc%kK z3Yk4WnU`S3J8_8=8_*%ZjAs>y^YKQieVC^Zv-l-Qbr##K{c)GJlY*D+eK6h1AR|se z{&>jLgg23v$bXmqr(aDg`Vy$hdlBbhfJ$bi<*1+yL+Zc0l}38uNp)-CxrH;*;uB#s zF>$8XpuMY=YEAmCNLnoQ_q;qp@N;p#Q1v}F-vmjS7f;fpGwZew)uQPl?N|@$0|L?4 z$`0m;C!AcZg0o%4WrsJZpwR9sBWhovKl=y0zREFe!^G>}ri*ZpZSh5g{GgUX-E9-G z^EQ$RE+JJ8Q0fA*2xGXpq$^ieEjGEToaJz?mCL35lQY&ZV-~du6;=IQFf~WQOK;_q zJlz_tY=%{0x(_E4yJ24-JX;HwA<ZA)URRA%fN^c;;I*P7RpTCzwg%$TcD zv951{BI?Yv+pH8m^*@}aKNsQ8eiQrXO;6A02V)>3*`QjeU%Dg`@CZ}5Igu)vG5?Jx%>50zWp*LWajEykyIOnp+6>1NsG z1{7yJ>9f7Ed<&MwcxGyZg6&-tL(l7SnWW#|t-j&7Z3iG-e zsjY`UZC+uztj`ua=9*Ikxg_n} z`}iPtrvF|nwP%fAK9xfSKwF~n4FMf>T^h-f}XMz^EEghpp&YpP~IE{|5Zu4 z<{W2a?;Ur^dYU-Wj;QR}O6RDXLK^f3oiiSkL)~+iA8M}`C?xEc>ajPOG4b6B)nJT5 zbn59{J&&#*zoDz)y!1I0_&m)+ia>Kis^i;Rn#`S-mD*cr7^#Tt-+N>Th$lt!Y28nM zulD<_>@k;+qNE2Qv(zr$I8iwxpCU(k&tA4dYiKu~9zSfaOHE!5eX*b{B9t`z-63}} zDLfWhRY*cF7x!v=eN_K@FX!Vi7lUsHuMaPZUDVsl^)i8t#sxDXo>PoEhu~_}U2vpO!cs*s za?iF4aXj#2f;HkR%~XrFQ$UF1H$_*uO&Mn&$gMEO-ce5et@9pk%ZRY^Wt=EeIzsoUwmT|Mqxj*H+^Gc zaCHmYXZy1!spfPRG3_@Lgx7XASw-y=E{v9XaJIV+jRJ&y*=C5(R6@}ea@6mvVRq?P z9=(xWv2RlrOl_fJqg+^o&$Ki8i)8fY_o5d~e$~tbez(kx!w4Ji1ulkxoJ!N-m@`xH z{Ad=itDwGJ#NB6S>SQRO>R+t*_a2gi|4)0UNC8+B*)9x4M))rqy7rF^sc;UYtLVN#{bNI9 zD6+0zhxi`F>wy?0LU&-uM45xyq7(ai;tI`+pr7W?X5BTE-;kqz3(#Ypwt@GLh;+?j z+%lLPqmnlsZawUlk9eRaH!Jn6654+cntGL=jlUDiAn@3i))XMab*ew?eu(f;@@aXN zb5P866f}rpa_Ixk)6_7j}J==7R%y=WC@tc7-N?+F>})o%CxncHH(j zD-S0D9%8d|XsHU1X$r+R`Cs(A>447DGVmps^%x9c zJ9p9tiO-G>XOG|g)z&pyzbx8ZIPEU1|A(wDIh>c!VpS(_Pz`aU7I9U(l?zxVN+!4aDwwW(&jGps&O4QTASf#yF(gRN0o z$2UFE6+72Sk@IINP$Ez0RvD?_Ngn+d#)Dsc)Lv^d+6V}%yhd2fFDd+61glX=x{zao zu^F4Fx40D^DP%_}t&gX$1QSknI91jriQAtIG-eIR=hX_K2OW4NE;uc#gTctPl0F!;PlJmn)%>XCI0dNTY(Wua>$9nmR0+{$Jj>R#` zR%&ms(;Jb+E&s6QbXwsRDy7rC_e{Pr+I(RwLm>Euyjg)br-wt`GgFd z!up{ztCyBPrA<=meWtG6$vI{*b{v+w>iA(L*rb`wNxYlrni!%Kq5fj#Pf0MXi>BT8 zClo<|Mudjrj|N=-_A~|;A{c{?9!UJz&8a?(kh3Bj(zk93oa zBWSGgUE`RnKMW4zhEb9Op|sZkY(Nq+=8Zd_Us0W%_`~Kn b3%s1OOf*+ww#g`B*n4_JcOVx3jOYIVVK6mP literal 0 HcmV?d00001 diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets new file mode 100644 index 0000000..3dc8552 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,8 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: P12 sunCert.p12 "IxjQVCF3JGI+MoPi" + + + + + diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf new file mode 100644 index 0000000..4628e70 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-pkcs12/posttest.dat b/testing/tests/ikev2/net2net-pkcs12/posttest.dat new file mode 100644 index 0000000..0fbba48 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush +moon::rm /etc/ipsec.d/private/moonCert.p12 +sun::rm /etc/ipsec.d/private/sunCert.p12 diff --git a/testing/tests/ikev2/net2net-pkcs12/pretest.dat b/testing/tests/ikev2/net2net-pkcs12/pretest.dat new file mode 100644 index 0000000..4a6f0db --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/pretest.dat @@ -0,0 +1,7 @@ +moon::rm /etc/ipsec.d/private/moonKey.pem +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +moon::ipsec start +sun::ipsec start +moon::sleep 1 +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pkcs12/test.conf b/testing/tests/ikev2/net2net-pkcs12/test.conf new file mode 100644 index 0000000..646b8b3 --- /dev/null +++ b/testing/tests/ikev2/net2net-pkcs12/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" -- 2.7.4