/testing/guestbin/swan-prep west # ../bin/algo-west-pluto.sh protocol=ah initiator_stack=netkey responder_stack=netkey version=ikev2 encrypt=aes integ=sha1 proto=authenticate algs= sha1 check the stack is netkey protostack=netkey confirm that the network is alive destination -I 192.0.1.254 192.0.2.254 is alive ensure that clear text does not get through [ 00.00] IN=eth1 OUT= MAC=12:00:00:64:64:45:12:00:00:64:64:23:08:00 SRC=192.0.2.254 DST=192.0.1.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXXX PROTO=ICMP TYPE=0 CODE=0 ID=XXXX SEQ=1 down Redirecting to: [initsystem] testing sha1 + + authenticate-ikev2-sha1 + + ipsec whack --name authenticate-ikev2-sha1 --ikev2-allow --psk --esp sha1 --authenticate --pfs --no-esn --id @west --host 192.1.2.45 --nexthop 192.1.2.23 --client 192.0.1.0/24 --to --id @east --host 192.1.2.23 --nexthop=192.1.2.45 --client 192.0.2.0/24 002 added connection description "authenticate-ikev2-sha1" + 002 "authenticate-ikev2-sha1" #1: initiating v2 parent SA 1v2 "authenticate-ikev2-sha1" #1: initiate 1v2 "authenticate-ikev2-sha1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 1v2 "authenticate-ikev2-sha1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "authenticate-ikev2-sha1" #2: IKEv2 mode peer ID is ID_FQDN: '@east' 003 "authenticate-ikev2-sha1" #2: Authenticated using authby=secret 002 "authenticate-ikev2-sha1" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] 004 "authenticate-ikev2-sha1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {AH=>0xAHAH <0xAHAH xfrm=HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} + up + 002 "authenticate-ikev2-sha1": terminating SAs using this connection 002 "authenticate-ikev2-sha1" #2: deleting state (STATE_V2_IPSEC_I) and sending notification 005 "authenticate-ikev2-sha1" #2: AH traffic information: in=84B out=84B 002 "authenticate-ikev2-sha1" #1: deleting state (STATE_PARENT_I3) and sending notification + west # ../../pluto/bin/ipsec-look.sh west NOW XFRM state: XFRM policy: XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES default via 192.1.2.254 dev eth1 192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi