/testing/guestbin/swan-prep west # # confirm that the network is alive west # ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254 destination -I 192.0.1.254 192.0.2.254 is alive west # ipsec start Redirecting to: [initsystem] west # /testing/pluto/bin/wait-until-pluto-started west # ipsec auto --add west-east 002 added connection description "west-east" west # echo "initdone" initdone west # ipsec auto --up west-east 002 "west-east" #1: initiating Main Mode 1v1 "west-east" #1: STATE_MAIN_I1: initiate 1v1 "west-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2 1v1 "west-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3 002 "west-east" #1: Peer ID is ID_FQDN: '@east' 003 "west-east" #1: Authenticated using RSA 004 "west-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "west-east" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO 1v1 "west-east" #2: STATE_QUICK_I1: initiate 004 "west-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} west # # suppress martian logging before we create havoc west # echo 0 > /proc/sys/net/ipv4/conf/default/log_martians west # echo 0 > /proc/sys/net/ipv4/conf/all/log_martians west # # add east's ip on west to shoot in foot west # ip addr add 192.1.2.23/24 dev eth1 west # ipsec auto --ready 002 listening for IKE messages 002 adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 002 adding interface eth1/eth1 192.1.2.23:4500 003 two interfaces match "west-east" (eth1, eth1) 002 "west-east": terminating SAs using this connection 002 "west-east" #2: deleting state (STATE_QUICK_I2) and sending notification 005 "west-east" #2: ESP traffic information: in=0B out=0B 002 "west-east" #1: deleting state (STATE_MAIN_I4) and sending notification 002 forgetting secrets 002 loading secrets from "/etc/ipsec.secrets" 002 loaded private key for keyid: PKK_RSA:AQOm9dY/4 west # sleep 30 west # echo done done west # ipsec whack --shutdown 002 shutting down west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi