iptables -t nat -F
nic # iptables -F
nic # # NAT to NIC's address
nic # # NAT UDP 500,4500 to NICs address with sport
nic # iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -p udp --sport 4500 -j SNAT --to-source 192.1.2.254:2500-2700
nic # iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -p udp --sport 500 -j SNAT --to-source 192.1.2.254:3500-3700
nic # iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -j SNAT --to-source 192.1.2.254
nic # # A tunnel should have established with non-zero byte counters
nic # ipsec whack --trafficstatus
-bash: ipsec: command not found
nic # grep "negotiated connection" /tmp/pluto.log
grep: /tmp/pluto.log: No such file or directory
nic # grep IKEv2_AUTH_ OUTPUT/*pluto.log
OUTPUT/east.pluto.log:| auth method: IKEv2_AUTH_RSA (0x1)
OUTPUT/east.pluto.log:| auth method: IKEv2_AUTH_RSA (0x1)
OUTPUT/road.pluto.log:| auth method: IKEv2_AUTH_RSA (0x1)
OUTPUT/road.pluto.log:| auth method: IKEv2_AUTH_RSA (0x1)
nic #
nic # ../bin/check-for-core.sh
nic # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi