iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# iptables -F
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# # NAT to NIC's address
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# # NAT UDP 500,4500 to NICs address with sport
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -p udp --sport 4500  -j SNAT --to-source 192.1.2.254:2500-2700
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -p udp --sport 500  -j SNAT --to-source 192.1.2.254:3500-3700
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -j SNAT --to-source 192.1.2.254
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# # A tunnel should have established with non-zero byte counters
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# ping -n -c 4 192.1.2.23
PING 192.1.2.23 (192.1.2.23) 56(84) bytes of data.
64 bytes from 192.1.2.23: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.049 ms
64 bytes from 192.1.2.23: icmp_seq=3 ttl=64 time=0.335 ms
64 bytes from 192.1.2.23: icmp_seq=4 ttl=64 time=0.049 ms

--- 192.1.2.23 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 110ms
rtt min/avg/max/mdev = 0.046/0.119/0.335/0.125 ms
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# # jacob two two for east?
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<../../pluto/bin/ipsec-look.sh | sed "s/\(.\)port [0-9][0-9][0-9][0-9] /\1port XXXX /g"
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# # you should see both RSA and NULL
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# grep IKEv2_AUTH_ /tmp/pluto.log
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep IKEv2_AUTH_ /tmp/pluto.log' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<<tuc<<<<<<<<<<: ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@nic certoe-07-nat-2-clients]#