[strongSwan] NixOS test

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Aug 30 02:29:45 CEST 2017


Two things:
- Please don't pipe stuff from the web into bash, it just asks for trouble and especially don't advertise or advise people to do it.
- Try enforcing UDP encapsulation. If the FW rules actually change something, then currently only IKE is allowed, but there's no NAT, so ESP is used as transport protocol.

Kind regards


On 30.08.2017 02:18, Bas van Dijk wrote:
> I've created a PR for the NixOS Linux distribution that adds a module
> for strongswan-swanctl:
>   https://github.com/NixOS/nixpkgs/pull/27958
> Although the new module works on our company VPN I would also like to
> add a NixOS test to ensure it keeps working. I've mimicked one of the
> swanctl tests from the strongswan project:
>   https://github.com/LumiGuide/nixpkgs/blob/strongswan-swanctl-test/nixos/tests/strongswan-swanctl.nix
> Although SAs get established successfully between gateway moon and
> roadwarrior carol I can't seem to ping alice from carol. Since I'm no
> networking expert I'm probably missing something obvious. It would be
> great if somebody could give me a tip or point me in the right
> direction.
> To run the test for yourself you don't need to install NixOS, you only
> need the Nix package manager (which is easy to uninstall later on;
> just rm -r /nix):
>   $ curl https://nixos.org/nix/install | sh
> Then clone my nixpkgs fork and checkout the right branch:
>   $ git clone https://github.com/LumiGuide/nixpkgs.git
>   $ cd nixpkgs
>   $ git checkout strongswan-swanctl-test
> Look in nixos/tests/strongswan-swanctl.nix to see how to run the test
> but the following should get you started:
>   $ nix-build nixos/tests/strongswan-swanctl.nix
> Note that I also asked this question on the nix-devel mailinglist:
>   https://groups.google.com/forum/#!topic/nix-devel/X-0T97MLR7I
> Cheers,
> Bas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170830/edba47e3/attachment.sig>

More information about the Users mailing list