--- west.console.txt 2019-08-24 18:12:56.190676851 +0000 +++ OUTPUT/west.console.txt 2019-08-26 13:25:13.359842342 +0000 @@ -1,5 +1,7 @@ /testing/guestbin/swan-prep west # + +west # ip addr add 192.0.100.254/24 dev eth0:1 west # ip addr add 192.0.101.254/24 dev eth0:1 @@ -8,6 +10,8 @@ west # ip addr add 192.0.111.254/24 dev eth0:1 west # + +west # ip route add 192.0.200.0/24 via 192.1.2.23 dev eth1 west # ip route add 192.0.201.0/24 via 192.1.2.23 dev eth1 @@ -16,6 +20,8 @@ west # ip route add 192.0.211.0/24 via 192.1.2.23 dev eth1 west # + +west # # ensure that clear text does not get through west # iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j LOGDROP @@ -31,9 +37,13 @@ west # ipsec whack --impair suppress-retransmits,delete-on-retransmit west # + +west # ipsec auto --add westnet-eastnet-ikev2 002 added connection description "westnet-eastnet-ikev2" west # + +west # ipsec auto --add westnet-eastnet-ikev2-00 002 added connection description "westnet-eastnet-ikev2-00" west # @@ -47,6 +57,8 @@ ipsec auto --add westnet-eastnet-ikev2-11 002 added connection description "westnet-eastnet-ikev2-11" west # + +west # echo "initdone" initdone west # 
@@ -54,63 +66,61 @@ 002 "westnet-eastnet-ikev2" #1: initiating v2 parent SA 1v2 "westnet-eastnet-ikev2" #1: initiate 1v2 "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 -1v2 "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} -002 "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' -003 "westnet-eastnet-ikev2" #2: Authenticated using authby=secret -002 "westnet-eastnet-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] -004 "westnet-eastnet-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} +002 "westnet-eastnet-ikev2" #1: IMPAIR: retransmit so deleting SA +002 "westnet-eastnet-ikev2" #1: deleting state (STATE_PARENT_I1) and NOT sending notification west # ../../pluto/bin/one-ping.sh -I 192.0.1.254 192.0.2.254 -up +down +west # + west # # remote pfs=no dh=none west # + +west # # pfs=no dh= - connect west # ipsec auto --up westnet-eastnet-ikev2-00 -1v2 "westnet-eastnet-ikev2-00" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response -002 "westnet-eastnet-ikev2-00" #3: negotiated connection [192.0.100.0-192.0.100.255:0-65535 0] -> [192.0.200.0-192.0.200.255:0-65535 0] -004 "westnet-eastnet-ikev2-00" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} west # ../../pluto/bin/one-ping.sh -I 192.0.100.254 192.0.200.254 -up +down +west # + west # # pfs=no dh=none - connect west # ipsec auto --up westnet-eastnet-ikev2-01 -1v2 "westnet-eastnet-ikev2-01" #4: STATE_V2_CREATE_I: sent IPsec Child req wait response -002 "westnet-eastnet-ikev2-01" #4: negotiated connection [192.0.101.0-192.0.101.255:0-65535 0] -> [192.0.201.0-192.0.201.255:0-65535 0] -004 "westnet-eastnet-ikev2-01" #4: 
STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} +whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) west # ../../pluto/bin/one-ping.sh -I 192.0.101.254 192.0.201.254 up west # + +west # # pfs=yes dh= - connect west # ipsec auto --up westnet-eastnet-ikev2-10 -1v2 "westnet-eastnet-ikev2-10" #5: STATE_V2_CREATE_I: sent IPsec Child req wait response -002 "westnet-eastnet-ikev2-10" #5: negotiated connection [192.0.110.0-192.0.110.255:0-65535 0] -> [192.0.210.0-192.0.210.255:0-65535 0] -004 "westnet-eastnet-ikev2-10" #5: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP2048 NATOA=none NATD=none DPD=passive} +whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) west # ../../pluto/bin/one-ping.sh -I 192.0.110.254 192.0.210.254 up west # + +west # # pfs=yes dh=none - connect west # ipsec auto --up westnet-eastnet-ikev2-11 -1v2 "westnet-eastnet-ikev2-11" #6: STATE_V2_CREATE_I: sent IPsec Child req wait response -002 "westnet-eastnet-ikev2-11" #6: negotiated connection [192.0.111.0-192.0.111.255:0-65535 0] -> [192.0.211.0-192.0.211.255:0-65535 0] -004 "westnet-eastnet-ikev2-11" #6: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} +whack: is Pluto running? 
connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) west # ../../pluto/bin/one-ping.sh -I 192.0.111.254 192.0.211.254 up west # + +west # ipsec whack --trafficstatus -006 #2: "westnet-eastnet-ikev2", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' -006 #3: "westnet-eastnet-ikev2-00", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' -006 #4: "westnet-eastnet-ikev2-01", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' -006 #5: "westnet-eastnet-ikev2-10", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' -006 #6: "westnet-eastnet-ikev2-11", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' +whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) +west # + west # echo done done
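Review bot: In the new output the pings for 192.0.101.254 -> 192.0.201.254, 192.0.110.254 -> 192.0.210.254 and 192.0.111.254 -> 192.0.211.254 still report `up` as unchanged context, even though each preceding `ipsec auto --up` now fails with `whack: is Pluto running? ... (111 Connection refused)` and no IPsec SA exists for those connections. That suggests the replies are arriving in clear text once pluto is gone. The only drop rule visible in this diff is `iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j LOGDROP`, so unless the lines between the hunks already cover the 192.0.200.0/24 to 192.0.211.0/24 source nets, the test would benefit from rules of the same form for each of them, so that a dead daemon shows up as `down` rather than as a passing ping. Separately, pluto stops answering on `/run/pluto/pluto.ctl` right after `IMPAIR: retransmit so deleting SA` and the silent `--up westnet-eastnet-ikev2-00`, so the pluto log for this run should be checked for an assertion failure or crash on that path.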