.. _example_vpn_ipsec_site-to-site_roadwarrior:

###########
Roadwarrior
###########

This scenario shows different ways to setup a roadwarrior VPN
connection; in which, instead of using a N2N (network to network)
connection, a single machine (e.g., a host) is able to connect to
a remote private network.

On the one hand, ``DUT2`` and ``DUT0`` represent a remote branch
office. On the other hand, ``DUT1`` is a roadwarrior that can
establish a connection to ``DUT2`` using different virtual IPs.

Note that security associations (SAs) have to be manually
flushed with the command ``clear vpn ipsec sa``. Depending on
the configuration parameter ``connection-type``, the new tunnel
connections will be created or not. In this case, ``on-demand``
was configured in the roadwarrior to establish the VPN connection
as soon as the first plain IP payload attempts to traverse the
tunnel.

.. image:: roadwarrior.svg
  :width: 800

****************************************
Test VPN Roadwarrior Connection With VTI
****************************************

Description
===========

In this scenario, ``DUT0`` uses a VTI interface
to encapsulate the VPN traffic.

Scenario
========

.. include:: roadwarrior/testvpnroadwarriorconnectionwithvti

.. raw:: html

  <hr>

****************************************************
Test VPN Roadwarrior Connection With Global Policies
****************************************************

Description
===========

In this scenario, ``DUT0`` uses global VPN
policies (or selectors) to encapsulate traffic.

Scenario
========

.. include:: roadwarrior/testvpnroadwarriorconnectionwithglobalpolicies

.. raw:: html

  <hr>