[Swan-dev] adding a test domain
Antony Antony
antony at phenome.org
Thu Aug 4 17:54:58 EEST 2022
For last couple of years I have been using an extended version of the
FreSWAN diagram and added "duo" and "float"
My motivation was more clear hosts, routing FLOAT with dual uplink.
https://libreswan.org/wiki/images/f/f1/Testnet-202102.png
I have nsrun that support sunset,sunrise, Tokyo. I also have pacifica, (in
memory of Hugh Daniel), behind sunset. And arctic behind the pole. I will
update the diagram : Pacifica and arctic.
Along these lines, I have another proposal. To use mixed KVM + namesapce
setup. The plain nodes, including the nic, could be namespace instead of
kvm. I use such setup manually.
If and when we tidy up the network diagrams I propose the following too:
addresspools should use a separate rage on each host. Such as east pool
192.0.8.0/24 west pool192.0.9.0/24 and special cases you can configure both.
On Mon, Jul 25, 2022 at 05:02:56PM -0400, Andrew Cagney wrote:
> I'd like to add a domain to the test framework. The motivation is to
> allow end-to-end testing of scenarios where non IPsec domains route
> their traffic through IPsec gateways. For instance:
>
> {ROAD,TRAIN} - NORTH = NIC - {EAST,WEST}
>
> where NORTH and NIC would be running libreswan, while ROAD, TRAIN,
> EAST, and WEST would not.
> Currently this is implemented by injecting packets into the back
> interface of domains such as NORTH, which isn't quite the same thing.
>
> My suggestion is to make two changes:
> - add a second interface to ROAD so that it can route packets through NORTH
> - add a new domain TRAIN that is behind NORTH
> see https://libreswan.org/wiki/Test_Suite#Proposed_Network_Diagram
>
> For reference:
> Here's the original diagram:
> https://libreswan.org/wiki/Test_Suite#Original_Network_Diagram
> And here's how things are today:
> https://libreswan.org/wiki/Test_Suite#Network_Diagram
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list