/testing/guestbin/swan-prep west # west # ip addr add 192.0.100.254/24 dev eth0:1 west # ip addr add 192.0.101.254/24 dev eth0:1 west # ip addr add 192.0.110.254/24 dev eth0:1 west # ip addr add 192.0.111.254/24 dev eth0:1 west # west # ip route add 192.0.200.0/24 via 192.1.2.23 dev eth1 west # ip route add 192.0.201.0/24 via 192.1.2.23 dev eth1 west # ip route add 192.0.210.0/24 via 192.1.2.23 dev eth1 west # ip route add 192.0.211.0/24 via 192.1.2.23 dev eth1 west # west # # ensure that clear text does not get through west # iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j LOGDROP west # iptables -A INPUT -i eth1 -s 192.0.200.0/24 -j LOGDROP west # iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT west # ipsec start Redirecting to: [initsystem] west # /testing/pluto/bin/wait-until-pluto-started west # ipsec whack --impair suppress-retransmits,delete-on-retransmit west # west # ipsec auto --add westnet-eastnet-ikev2 002 added connection description "westnet-eastnet-ikev2" west # west # ipsec auto --add westnet-eastnet-ikev2-00 002 added connection description "westnet-eastnet-ikev2-00" west # ipsec auto --add westnet-eastnet-ikev2-01 002 ignoring redundant ESP DH algorithm NONE as PFS policy is disabled 002 added connection description "westnet-eastnet-ikev2-01" west # ipsec auto --add westnet-eastnet-ikev2-10 002 added connection description "westnet-eastnet-ikev2-10" west # ipsec auto --add westnet-eastnet-ikev2-11 002 added connection description "westnet-eastnet-ikev2-11" west # west # echo "initdone" initdone west # ipsec auto --up westnet-eastnet-ikev2 002 "westnet-eastnet-ikev2" #1: initiating v2 parent SA 1v2 "westnet-eastnet-ikev2" #1: initiate 1v2 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "westnet-eastnet-ikev2" #1: IMPAIR: retransmit so deleting SA 002 "westnet-eastnet-ikev2" #1: deleting state (STATE_PARENT_I1) and NOT sending notification west # ../../pluto/bin/one-ping.sh -I 192.0.1.254 192.0.2.254 down west # west # # remote pfs=no dh=none west # west # # pfs=no dh= - connect west # ipsec auto --up westnet-eastnet-ikev2-00 west # ../../pluto/bin/one-ping.sh -I 192.0.100.254 192.0.200.254 down west # west # # pfs=no dh=none - connect west # ipsec auto --up westnet-eastnet-ikev2-01 whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) west # ../../pluto/bin/one-ping.sh -I 192.0.101.254 192.0.201.254 up west # west # # pfs=yes dh= - fail west # # ipsec auto --up westnet-eastnet-ikev2-10 west # # ../../pluto/bin/one-ping.sh -I 192.0.110.254 192.0.210.254 west # west # # pfs=yes dh=none - connect west # ipsec auto --up westnet-eastnet-ikev2-11 whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) west # ../../pluto/bin/one-ping.sh -I 192.0.111.254 192.0.211.254 up west # west # ipsec whack --trafficstatus whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) west # west # echo done done west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi