[strongSwan] NixOS test

Bas van Dijk v.dijk.bas at gmail.com
Wed Aug 30 02:57:54 CEST 2017


On 30 August 2017 at 02:29, Noel Kuntze
<noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> Two things:
> - Please don't pipe stuff from the web into bash, it just asks for trouble and especially don't advertise or advise people to do it.

Hi Noel, good point. This should probably be removed from nixos.org/nix.

> - Try enforcing UDP encapsulation. If the FW rules actually change something, then currently only IKE is allowed, but there's no NAT, so ESP is used as transport protocol.

Something similar was suggested[1] on the nix-devel mailing list. I
will see how to get that to work.

Bas

[1] https://groups.google.com/forum/#!msg/nix-devel/X-0T97MLR7I/jbPQucPOAAAJ

> Kind regards
>
> Noel
>
> On 30.08.2017 02:18, Bas van Dijk wrote:
>> I've created a PR for the NixOS Linux distribution that adds a module
>> for strongswan-swanctl:
>>
>>   https://github.com/NixOS/nixpkgs/pull/27958
>>
>> Although the new module works on our company VPN I would also like to
>> add a NixOS test to ensure it keeps working. I've mimicked one of the
>> swanctl tests from the strongswan project:
>>
>>   https://github.com/LumiGuide/nixpkgs/blob/strongswan-swanctl-test/nixos/tests/strongswan-swanctl.nix
>>
>> Although SAs get established successfully between gateway moon and
>> roadwarrior carol I can't seem to ping alice from carol. Since I'm no
>> networking expert I'm probably missing something obvious. It would be
>> great if somebody could give me a tip or point me in the right
>> direction.
>>
>> To run the test for yourself you don't need to install NixOS, you only
>> need the Nix package manager (which is easy to uninstall later on;
>> just rm -r /nix):
>>
>>   $ curl https://nixos.org/nix/install | sh
>>
>> Then clone my nixpkgs fork and check out the right branch:
>>
>>   $ git clone https://github.com/LumiGuide/nixpkgs.git
>>   $ cd nixpkgs
>>   $ git checkout strongswan-swanctl-test
>>
>> Look in nixos/tests/strongswan-swanctl.nix to see how to run the test
>> but the following should get you started:
>>
>>   $ nix-build nixos/tests/strongswan-swanctl.nix
>>
>> Note that I also asked this question on the nix-devel mailing list:
>>
>>   https://groups.google.com/forum/#!topic/nix-devel/X-0T97MLR7I
>>
>> Cheers,
>>
>> Bas
>
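
An added example, not part of the original thread or of the Nix installer, illustrating Noel's first point: save the downloaded script to a file, compare it against a SHA-256 digest obtained out of band, and run it only on a match. The function names and the `<PINNED_SHA256>` placeholder are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded installer before executing it.
# Function names are hypothetical; nothing here comes from nixos.org.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED: succeed only if FILE exists and its
# digest equals EXPECTED (a value pinned from a trusted channel).
verify_script() {
    [ -f "$1" ] || return 1
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$2" ]
}

# run_verified FILE EXPECTED: execute FILE with sh only after the
# complete file on disk has passed the digest check. A truncated or
# altered download is refused instead of being partially executed,
# which is what a direct pipe into a shell cannot guarantee.
run_verified() {
    if verify_script "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: digest mismatch or file missing" >&2
        return 1
    fi
}

# Typical use (not executed here; the digest is a placeholder):
#   curl -fsSL -o install-nix.sh https://nixos.org/nix/install
#   run_verified install-nix.sh <PINNED_SHA256>
```

Saving the script first also leaves a copy on disk that can be read before it is run.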

