strongSwan KVM Tests / route-based / net2net-xfrmi-ike

Test route-based/net2net-xfrmi-ike

Description

One connection with two CHILD_SAs is set up between the gateways moon and sun using XFRM interfaces; the CHILD_SAs cover the gateway hosts themselves and the subnets behind them, respectively.

The gateways use route-based forwarding with XFRM interfaces, with firewall rules that allow traffic to pass through those interfaces. Both peers define the interface IDs at the connection level, so all CHILD_SAs of the connection share the same XFRM interface. The IKE daemon does not install routes for CHILD_SAs that have an outbound interface ID, so the routes to the remote subnets have to be installed statically or from updown events.

Both gateways use separate interfaces for inbound and outbound traffic. This is entirely optional and done here mainly for testing purposes; a single interface is usually enough. Gateway moon creates its interfaces before initiating the connection, while gateway sun creates them dynamically from an ike-updown event, using the uniquely generated interface IDs passed with that event.
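The following hook is an added example and not the configuration of this test: the test drives sun from the vici ike-updown event, whereas this script does the same work as an updown script invoked by the strongSwan updown plugin (wired in via the child's updown option in swanctl.conf, with if_id_in and if_id_out set on the connection). It relies on the plugin's PLUTO_VERB, PLUTO_IF_ID_IN, PLUTO_IF_ID_OUT, PLUTO_PEER_CLIENT and PLUTO_INTERFACE variables; the interface names (xi-, xo-, xf-) and the DRY_RUN switch are choices made for this example. It creates the XFRM interface(s), installs the route the daemon leaves out when an outbound interface ID is set, and opens the FORWARD chain; when both IDs are equal it falls back to a single interface.

```shell
#!/bin/sh
# Added example, not part of the strongSwan test: an updown hook for a
# CHILD_SA that uses XFRM interfaces. Assumes the strongSwan updown plugin
# invokes it with these variables set:
#   PLUTO_VERB         up-client / down-client (and -host / -v6 variants)
#   PLUTO_IF_ID_IN     XFRM interface ID of the inbound SA and policies
#   PLUTO_IF_ID_OUT    XFRM interface ID of the outbound SA and policies
#   PLUTO_PEER_CLIENT  remote traffic selector, e.g. 10.2.0.0/16
#   PLUTO_INTERFACE    underlying physical interface, e.g. eth0
# Interface names (xi-/xo-/xf-) and DRY_RUN are choices made for this example.
# With DRY_RUN=1 the ip(8)/iptables(8) commands are printed, not executed.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Derive interface names; one interface suffices when both IDs are equal
# (splitting in- and outbound is optional, as the test description notes).
ifnames() {
    if [ "$PLUTO_IF_ID_IN" = "$PLUTO_IF_ID_OUT" ]; then
        IN_IF="xf-$PLUTO_IF_ID_IN"
        OUT_IF="$IN_IF"
    else
        IN_IF="xi-$PLUTO_IF_ID_IN"
        OUT_IF="xo-$PLUTO_IF_ID_OUT"
    fi
}

link_exists() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        return 1
    fi
    ip link show "$1" >/dev/null 2>&1
}

# Create and bring up one XFRM interface bound to if_id $2, unless it exists
# already (the connection's other CHILD_SA shares the same IDs and interface).
add_xfrmi() {
    if link_exists "$1"; then
        return 0
    fi
    run ip link add "$1" type xfrm dev "$PLUTO_INTERFACE" if_id "$2"
    run ip link set "$1" up
}

xfrmi_up() {
    ifnames
    add_xfrmi "$IN_IF" "$PLUTO_IF_ID_IN"
    if [ "$OUT_IF" != "$IN_IF" ]; then
        add_xfrmi "$OUT_IF" "$PLUTO_IF_ID_OUT"
    fi
    # Route-based forwarding: traffic for the remote subnet has to be routed
    # to the outbound interface explicitly, the IKE daemon does not do this.
    run ip route replace "$PLUTO_PEER_CLIENT" dev "$OUT_IF"
    # Decrypted packets surface on the inbound interface, clear text to be
    # encrypted leaves via the outbound one: let both pass the FORWARD chain.
    run iptables -A FORWARD -i "$IN_IF" -j ACCEPT
    run iptables -A FORWARD -o "$OUT_IF" -j ACCEPT
}

xfrmi_down() {
    ifnames
    run ip route del "$PLUTO_PEER_CLIENT" dev "$OUT_IF"
    run iptables -D FORWARD -i "$IN_IF" -j ACCEPT
    run iptables -D FORWARD -o "$OUT_IF" -j ACCEPT
    # The interfaces are deliberately left in place: with connection-defined
    # IDs the other CHILD_SA of the connection may still be using them. With
    # %unique IDs they could be removed here with "ip link del".
}

case "${PLUTO_VERB:-}" in
    up-client*|up-host*)     xfrmi_up ;;
    down-client*|down-host*) xfrmi_down ;;
    *) ;;
esac
```

Run it with DRY_RUN=1 and the PLUTO_* variables exported to see the exact command sequence before wiring it into swanctl.conf. The route is installed per CHILD_SA and removed on down, while interface removal is left to the operator on purpose: when several CHILD_SAs share one interface, tearing it down on the first down-client would cut off the others.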

Clients alice and venus behind gateway moon ping client bob located behind gateway sun.

[Network diagram: hosts alice, venus, moon, winnetou, sun, bob]

moon

sun

tcpdump