The test now succeeds[1]. Thanks for your help.
Bas [1] https://groups.google.com/d/msg/nix-devel/X-0T97MLR7I/cGUCWjXQAAAJ On 30 August 2017 at 02:57, Bas van Dijk <v.dijk....@gmail.com> wrote: > On 30 August 2017 at 02:29, Noel Kuntze > <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote: >> Two things: >> - Please don't pipe stuff from the web into bash, it just asks for trouble >> and especially don't advertise or advise people to do it. > > Hi Noel, good point. This should probably be removed from nixos.org/nix. > >> - Try enforcing UDP encapsulation. If the FW rules actually change >> something, then currently only IKE is allowed, but there's no NAT, so ESP is >> used as transport protocol. > > Something similar was suggested[1] on the nix-devel mailinglist. I > will see how to get that to work. > > Bas > > [1] https://groups.google.com/forum/#!msg/nix-devel/X-0T97MLR7I/jbPQucPOAAAJ > >> Kind regards >> >> Noel >> >> On 30.08.2017 02:18, Bas van Dijk wrote: >>> I've created a PR for the NixOS Linux distribution that adds a module >>> for strongswan-swanctl: >>> >>> https://github.com/NixOS/nixpkgs/pull/27958 >>> >>> Although the new module works on our company VPN I would also like to >>> add a NixOS test to ensure it keeps working. I've mimicked one of the >>> swanctl tests from the strongswan project: >>> >>> >>> https://github.com/LumiGuide/nixpkgs/blob/strongswan-swanctl-test/nixos/tests/strongswan-swanctl.nix >>> >>> Although SAs get established successfully between gateway moon and >>> roadwarrior carol I can't seem to ping alice from carol. Since I'm no >>> networking expert I'm probably missing something obvious. It would be >>> great if somebody could give me a tip or point me in the right >>> direction. >>> >>> To run the test for yourself you don't need to install NixOS, you only >>> need the Nix package manager (which is easy to uninstall later on; >>> just rm -r /nix): >>> >>> $ curl https://nixos.org/nix/install | sh >>> >>> Then clone my nixpkgs fork and checkout the right branch: >>> >>> $ git clone https://github.com/LumiGuide/nixpkgs.git >>> $ cd nixpkgs >>> $ git checkout strongswan-swanctl-test >>> >>> Look in nixos/tests/strongswan-swanctl.nix to see how to run the test >>> but the following should get you started: >>> >>> $ nix-build nixos/tests/strongswan-swanctl.nix >>> >>> Note that I also asked this question on the nix-devel mailinglist: >>> >>> https://groups.google.com/forum/#!topic/nix-devel/X-0T97MLR7I >>> >>> Cheers, >>> >>> Bas >>