--- north.console.txt 1970-01-01 00:00:00.000000000 +0000
+++ OUTPUT/north.console.txt 2019-08-26 13:28:23.622180967 +0000
@@ -0,0 +1,75 @@
+/testing/guestbin/swan-prep
+north #
+ ipsec start
+Redirecting to: [initsystem]
+north #
+ /testing/pluto/bin/wait-until-pluto-started
+north #
+ ipsec auto --add north-east
+002 added connection description "north-east"
+north #
+ ipsec whack --impair suppress-retransmits
+north #
+ # road should have only one public key of its own
+north #
+ ipsec auto --listpubkeys
+000
+000 List of Public Keys:
+000
+000 TIMESTAMP, 2192 RSA Key AQPl33O2P (has private key), until --- -- --:--:-- ---- ok (expires never)
+000 ID_FQDN '@north.testing.libreswan.org'
+north #
+ echo "initdone"
+initdone
+north #
+ # there should be only one pub key not road.
+north #
+ ipsec auto --listpubkeys
+000
+000 List of Public Keys:
+000
+000 TIMESTAMP, 2192 RSA Key AQPl33O2P (has private key), until --- -- --:--:-- ---- ok (expires never)
+000 ID_FQDN '@north.testing.libreswan.org'
+north #
+ ipsec auto --up north-east
+002 "north-east" #1: initiating v2 parent SA
+1v2 "north-east" #1: initiate
+003 "north-east" #1: IKEv2 DNS query -- east.testing.libreswan.org. IN IPSECKEY -- returned SERVFAIL rr parse error SERVFAIL elapsed time 0.002939
+1v2 "north-east" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
+1v2 "north-east" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
+002 "north-east" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED
+000 "north-east" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack
+north #
+ # there should be two public keys. including road
+north #
+ ping -n -c 4 -I 192.1.3.33 192.1.2.23
+PING 192.1.2.23 (192.1.2.23) from 192.1.3.33 : 56(84) bytes of data.
+64 bytes from 192.1.2.23: icmp_seq=1 ttl=63 time=0.XXX ms
+64 bytes from 192.1.2.23: icmp_seq=2 ttl=63 time=0.XXX ms
+64 bytes from 192.1.2.23: icmp_seq=3 ttl=63 time=0.XXX ms
+64 bytes from 192.1.2.23: icmp_seq=4 ttl=63 time=0.XXX ms
+--- 192.1.2.23 ping statistics ---
+4 packets transmitted, 4 received, 0% packet loss, time XXXX
+rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
+north #
+ ipsec whack --trafficstatus
+north #
+ echo done
+done
+north #
+ # both ends should have two public keys.The second from reverse dns
+north #
+ ipsec auto --listpubkeys
+000
+000 List of Public Keys:
+000
+000 TIMESTAMP, 2192 RSA Key AQPl33O2P (has private key), until --- -- --:--:-- ---- ok (expires never)
+000 ID_FQDN '@north.testing.libreswan.org'
+north #
+ ipsec whack --trafficstatus
+north #
+north #
+ ../bin/check-for-core.sh
+north #
+ if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
+
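Review bot: The `ipsec auto --up north-east` step in this transcript ends in `AUTHENTICATION_FAILED` after the IPSECKEY lookup returns SERVFAIL, yet the following `ping` still gets 4 of 4 replies and both `ipsec whack --trafficstatus` calls print nothing, so the pings appear to have travelled outside any IPsec SA and say nothing about the tunnel. If this output is meant to become the expected `north.console.txt`, it would record a failed negotiation plus cleartext reachability as the passing result; the run script (outside this hunk) would do better to treat an empty traffic status as a failure rather than rely on the ping. The embedded comments also disagree with what is recorded: they name road on a north transcript and promise two public keys where every `--listpubkeys` shows only north's own key, so a comment such as `# north should list only its own public key here` would match the output.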