iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# iptables -F
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# # NAT to NIC's address
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -j SNAT --to-source 192.1.2.254
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# # A tunnel should have established with non-zero byte counters
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<# you should see both RSA and NULL
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh '# you should see both RSA and NULL' <<<<<<<<<<tuc<<<<<<<<<<grep IKEv2_AUTH_ /tmp/pluto.log
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep IKEv2_AUTH_ /tmp/pluto.log' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566825617.108:206379): avc:  denied  { write } for  pid=20244 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1013755146 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566825617.158:206389): avc:  denied  { write } for  pid=20276 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1013755146 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566825621.727:206526): avc:  denied  { write } for  pid=21802 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=945904783 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-06-nat-packet-cop\[root@nic certoe-06-nat-packet-cop]#