/testing/guestbin/swan-prep kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # confirm that the network is alive kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254 destination -I 192.0.1.254 192.0.2.254 is alive kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # ensure that clear text does not get through kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # confirm clear text does not get through kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254 ==== cut ==== ping -q -n -c 1 -i 2 -w 1 -I 192.0.1.254 192.0.2.254 ==== tuc ==== ==== cut ==== PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data. --- 192.0.2.254 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms ==== tuc ==== down kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: /etc/init.d/ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Starting pluto IKE daemon for IPsec: kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec auto --add westnet-eastnet 002 added connection description "westnet-eastnet" kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # Proper test connection, should work kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair none kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254 002 "westnet-eastnet": terminating SAs using this connection 002 added connection description "westnet-eastnet" 002 "westnet-eastnet" #1: initiating Main Mode 102 "westnet-eastnet" #1: STATE_MAIN_I1: initiate 104 "westnet-eastnet" #1: STATE_MAIN_I2: sent MI2, expecting MR2 106 "westnet-eastnet" #1: STATE_MAIN_I3: sent MI3, expecting MR3 002 "westnet-eastnet" #1: Peer ID is ID_FQDN: '@east' 003 "westnet-eastnet" #1: Authenticated using RSA 004 "westnet-eastnet" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "westnet-eastnet" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:2fc0a7bc proposal=defaults pfsgroup=MODP2048} 115 "westnet-eastnet" #2: STATE_QUICK_I1: initiate 004 "westnet-eastnet" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xcd0b7d9e <0x1f7b82df xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} destination -I 192.0.1.254 192.0.2.254 is alive 002 "westnet-eastnet": terminating SAs using this connection 002 "westnet-eastnet" #2: deleting state (STATE_QUICK_I2) aged 0.063s and sending notification 005 "westnet-eastnet" #2: ESP traffic information: in=84B out=84B 002 "westnet-eastnet" #1: deleting state (STATE_MAIN_I4) aged 0.085s and sending notification 002 "westnet-eastnet": terminating SAs using this connection 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. 002 "westnet-eastnet": unroute-client output: Error: Peer netns reference is invalid. kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # Quick: kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair none kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair revival kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair suppress-retransmits kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair v1-hash-exchange:quick kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # HASH payload omited - should fail kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair v1-hash-payload:omit kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254 002 added connection description "westnet-eastnet" 002 "westnet-eastnet" #3: initiating Main Mode 002 "westnet-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 102 "westnet-eastnet" #3: STATE_MAIN_I1: initiate 002 "westnet-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 104 "westnet-eastnet" #3: STATE_MAIN_I2: sent MI2, expecting MR2 002 "westnet-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 106 "westnet-eastnet" #3: STATE_MAIN_I3: sent MI3, expecting MR3 002 "westnet-eastnet" #3: Peer ID is ID_FQDN: '@east' 003 "westnet-eastnet" #3: Authenticated using RSA 004 "westnet-eastnet" #3: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "westnet-eastnet" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#3 msgid:e625d2bd proposal=defaults pfsgroup=MODP2048} 002 "westnet-eastnet" #4: IMPAIR: omitting HASH payload for outI1 002 "westnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 115 "westnet-eastnet" #4: STATE_QUICK_I1: initiate 031 "westnet-eastnet" #4: STATE_QUICK_I1: 60 second timeout exceeded after 0 retransmits. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal 000 "westnet-eastnet" #4: starting keying attempt 2 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# # HASH payload empty - should fail kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ipsec whack --impair v1-hash-payload:empty kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1]# ../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254 002 added connection description "westnet-eastnet" 002 "westnet-eastnet" #6: initiating Main Mode 002 "westnet-eastnet" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 102 "westnet-eastnet" #6: STATE_MAIN_I1: initiate 002 "westnet-eastnet" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 104 "westnet-eastnet" #6: STATE_MAIN_I2: sent MI2, expecting MR2 002 "westnet-eastnet" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 106 "westnet-eastnet" #6: STATE_MAIN_I3: sent MI3, expecting MR3 002 "westnet-eastnet" #6: Peer ID is ID_FQDN: '@east' 003 "westnet-eastnet" #6: Authenticated using RSA 004 "westnet-eastnet" #6: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "westnet-eastnet" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#6 msgid:a1099a57 proposal=defaults pfsgroup=MODP2048} 002 "westnet-eastnet" #7: IMPAIR: sending HASH payload with no data for outI1 002 "westnet-eastnet" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 115 "westnet-eastnet" #7: STATE_QUICK_I1: initiate whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) kroot@swantest:/home/build/libreswan/testing/pluto/impair-09-protected-ikev1\[root@west impair-09-protected-ikev1 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh '# HASH payload badly calculated - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:0' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair none' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair revival' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair suppress-retransmits' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-exchange:delete' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh '# HASH payload omited - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:omit' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '# HASH payload empty - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:empty' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '# HASH payload badly calculated - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:0' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair none' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair revival' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair suppress-retransmits' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-exchange:xauth' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh '# HASH payload omited - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:omit' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '# HASH payload empty - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:empty' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '# HASH payload badly calculated - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:0' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair none' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair revival' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair suppress-retransmits' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-exchange:notification' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh '# HASH payload omited - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:omit' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '# HASH payload empty - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:empty' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '# HASH payload badly calculated - should fail' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --impair v1-hash-payload:0' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 westrun.sh '../bin/libreswan-up-down.sh westnet-eastnet -I 192.0.1.254 192.0.2.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 98-shutdown-east-west.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 98-shutdown-east-west.sh 'ipsec stop' <<<<<<<<<