On 30 August 2017 at 02:29, Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
> Two things:
> - Please don't pipe stuff from the web into bash, it just asks for trouble
> and especially don't advertise or advise people to do it.

Hi Noel, good point. This should probably be removed from nixos.org/nix.

> - Try enforcing UDP encapsulation. If the FW rules actually change something,
> then currently only IKE is allowed, but there's no NAT, so ESP is used as
> transport protocol.

Something similar was suggested[1] on the nix-devel mailing list. I will see how to get that to work.

Bas

[1] https://groups.google.com/forum/#!msg/nix-devel/X-0T97MLR7I/jbPQucPOAAAJ

> Kind regards
>
> Noel
>
> On 30.08.2017 02:18, Bas van Dijk wrote:
>> I've created a PR for the NixOS Linux distribution that adds a module
>> for strongswan-swanctl:
>>
>> https://github.com/NixOS/nixpkgs/pull/27958
>>
>> Although the new module works on our company VPN I would also like to
>> add a NixOS test to ensure it keeps working. I've mimicked one of the
>> swanctl tests from the strongswan project:
>>
>>
>> https://github.com/LumiGuide/nixpkgs/blob/strongswan-swanctl-test/nixos/tests/strongswan-swanctl.nix
>>
>> Although SAs get established successfully between gateway moon and
>> roadwarrior carol I can't seem to ping alice from carol. Since I'm no
>> networking expert I'm probably missing something obvious. It would be
>> great if somebody could give me a tip or point me in the right
>> direction.
>>
>> To run the test for yourself you don't need to install NixOS, you only
>> need the Nix package manager (which is easy to uninstall later on;
>> just rm -r /nix):
>>
>> $ curl https://nixos.org/nix/install | sh
>>
>> Then clone my nixpkgs fork and check out the right branch:
>>
>> $ git clone https://github.com/LumiGuide/nixpkgs.git
>> $ cd nixpkgs
>> $ git checkout strongswan-swanctl-test
>>
>> Look in nixos/tests/strongswan-swanctl.nix to see how to run the test
>> but the following should get you started:
>>
>> $ nix-build nixos/tests/strongswan-swanctl.nix
>>
>> Note that I also asked this question on the nix-devel mailing list:
>>
>> https://groups.google.com/forum/#!topic/nix-devel/X-0T97MLR7I
>>
>> Cheers,
>>
>> Bas
>