#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# echo done.
done.
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# sleep 2
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# ipsec look
nic Mon Aug 26 13:31:57 UTC 2019
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
192.0.1.0/24 via 192.1.2.45 dev eth0
192.0.2.0/24 via 192.1.2.23 dev eth0
192.0.3.0/24 via 192.1.3.33 dev eth1
192.1.2.0/24 dev eth0 proto kernel scope link src 192.1.2.254
192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.254
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
NSS_CERTIFICATES

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# # confirm east is in unrouted state again
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# hostname | grep east > /dev/null && ipsec status |grep "eroute owner"
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'hostname | grep east > /dev/null && ipsec status |grep "eroute owner"' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<ip xfrm policy
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# ip xfrm state
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# : ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566826262.016:237258): avc:  denied  { write } for  pid=23142 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=581795971 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566826265.629:237368): avc:  denied  { write } for  pid=24699 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1016646947 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-02-auth\[root@nic ikev2-redirect-02-auth]#