[strongSwan] NixOS test

Bas van Dijk v.dijk.bas at gmail.com
Wed Aug 30 11:52:33 CEST 2017


The test now succeeds[1].

Thanks for your help.

Bas

[1] https://groups.google.com/d/msg/nix-devel/X-0T97MLR7I/cGUCWjXQAAAJ

On 30 August 2017 at 02:57, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> On 30 August 2017 at 02:29, Noel Kuntze
> <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>> Two things:
>> - Please don't pipe stuff from the web into bash, it just asks for trouble and especially don't advertise or advise people to do it.
>
> Hi Noel, good point. This should probably be removed from nixos.org/nix.
>
>> - Try enforcing UDP encapsulation. If the FW rules actually change something, then currently only IKE is allowed, but there's no NAT, so ESP is used as transport protocol.
>
> Something similar was suggested[1] on the nix-devel mailing list. I
> will see how to get that to work.
>
> Bas
>
> [1] https://groups.google.com/forum/#!msg/nix-devel/X-0T97MLR7I/jbPQucPOAAAJ
>
>> Kind regards
>>
>> Noel
>>
>> On 30.08.2017 02:18, Bas van Dijk wrote:
>>> I've created a PR for the NixOS Linux distribution that adds a module
>>> for strongswan-swanctl:
>>>
>>>   https://github.com/NixOS/nixpkgs/pull/27958
>>>
>>> Although the new module works on our company VPN I would also like to
>>> add a NixOS test to ensure it keeps working. I've mimicked one of the
>>> swanctl tests from the strongswan project:
>>>
>>>   https://github.com/LumiGuide/nixpkgs/blob/strongswan-swanctl-test/nixos/tests/strongswan-swanctl.nix
>>>
>>> Although SAs get established successfully between gateway moon and
>>> roadwarrior carol I can't seem to ping alice from carol. Since I'm no
>>> networking expert I'm probably missing something obvious. It would be
>>> great if somebody could give me a tip or point me in the right
>>> direction.
>>>
>>> To run the test for yourself you don't need to install NixOS, you only
>>> need the Nix package manager (which is easy to uninstall later on;
>>> just rm -r /nix):
>>>
>>>   $ curl https://nixos.org/nix/install | sh
>>>
>>> Then clone my nixpkgs fork and checkout the right branch:
>>>
>>>   $ git clone https://github.com/LumiGuide/nixpkgs.git
>>>   $ cd nixpkgs
>>>   $ git checkout strongswan-swanctl-test
>>>
>>> Look in nixos/tests/strongswan-swanctl.nix to see how to run the test
>>> but the following should get you started:
>>>
>>>   $ nix-build nixos/tests/strongswan-swanctl.nix
>>>
>>> Note that I also asked this question on the nix-devel mailing list:
>>>
>>>   https://groups.google.com/forum/#!topic/nix-devel/X-0T97MLR7I
>>>
>>> Cheers,
>>>
>>> Bas
>>
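
Added example, not part of the thread and not the Nix project's own installer code: one way to act on the point about piping web content into a shell is to download the script to a file, compare it with a SHA-256 digest obtained out of band, and run it only on a match. The function names and the pinned-digest argument are assumptions; the thread gives no digest, so the usage line carries a placeholder.

```shell
#!/bin/sh
# Added example: verify a downloaded installer before executing it,
# as an alternative to `curl URL | sh`.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 only if FILE exists and its digest equals EXPECTED_SHA256;
# 1 on mismatch, 2 on a missing file or malformed digest.
verify_installer() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 chars" >&2; return 2; }
    want=$(printf %s "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$want" ]
}

# fetch_verify_run URL EXPECTED_SHA256
# Downloads over HTTPS only (redirects included), verifies, then runs.
fetch_verify_run() {
    script=$(mktemp) || return 1
    if curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' \
            -o "$script" "$1" && verify_installer "$script" "$2"; then
        sh "$script" && rc=0 || rc=$?
    else
        rc=1
        echo "refusing to run $1: download or digest check failed" >&2
    fi
    rm -f "$script"
    return "$rc"
}

# Usage (placeholder digest, to be replaced with one obtained out of band):
#   fetch_verify_run https://nixos.org/nix/install "<pinned-sha256>"
```

The digest check only helps when the expected value comes from a channel other than the download itself, such as a signed release note or a value pinned in version control.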

