[strongSwan] NixOS test
Bas van Dijk
v.dijk.bas at gmail.com
Wed Aug 30 11:52:33 CEST 2017
The test now succeeds.
Thanks for your help.
On 30 August 2017 at 02:57, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> On 30 August 2017 at 02:29, Noel Kuntze
> <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>> Two things:
>> - Please don't pipe stuff from the web into bash, it just asks for trouble and especially don't advertise or advise people to do it.
> Hi Noel, good point. This should probably be removed from nixos.org/nix.
>> - Try enforcing UDP encapsulation. If the FW rules actually change something, then currently only IKE is allowed, but there's no NAT, so ESP is used as transport protocol.
> Something similar was suggested on the nix-devel mailinglist. I
> will see how to get that to work.
>  https://groups.google.com/forum/#!msg/nix-devel/X-0T97MLR7I/jbPQucPOAAAJ
>> Kind regards
>> On 30.08.2017 02:18, Bas van Dijk wrote:
>>> I've created a PR for the NixOS Linux distribution that adds a module
>>> for strongswan-swanctl:
>>> Although the new module works on our company VPN I would also like to
>>> add a NixOS test to ensure it keeps working. I've mimicked one of the
>>> swanctl tests from the strongswan project:
>>> Although SAs get established successfully between gateway moon and
>>> roadwarrior carol I can't seem to ping alice from carol. Since I'm no
>>> networking expert I'm probably missing something obvious. It would be
>>> great if somebody could give me a tip or point me in the right
>>> To run the test for yourself you don't need to install NixOS, you only
>>> need the Nix package manager (which is easy to uninstall later on;
>>> just rm -r /nix):
>>> $ curl https://nixos.org/nix/install | sh
>>> Then clone my nixpkgs fork and checkout the right branch:
>>> $ git clone https://github.com/LumiGuide/nixpkgs.git
>>> $ cd nixpkgs
>>> $ git checkout strongswan-swanctl-test
>>> Look in nixos/tests/strongswan-swanctl.nix to see how to run the test
>>> but the following should get you started:
>>> $ nix-build nixos/tests/strongswan-swanctl.nix
>>> Note that I also asked this question on the nix-devel mailinglist:
More information about the Users