/testing/guestbin/swan-prep east # ipsec start Redirecting to: [initsystem] east # /testing/pluto/bin/wait-until-pluto-started east # ipsec auto --add westnet-eastnet-ikev2 002 added connection description "westnet-eastnet-ikev2" east # echo "initdone" initdone east # ../../pluto/bin/ipsec-look.sh east NOW XFRM state: src 192.1.2.45 dst 192.1.2.23 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 src 192.1.2.23 dst 192.1.2.45 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 XFRM policy: src 192.0.1.0/24 dst 192.0.2.0/24 dir fwd priority 1042407 ptype main tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid REQID mode tunnel src 192.0.1.0/24 dst 192.0.2.0/24 dir in priority 1042407 ptype main tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid REQID mode tunnel src 192.0.2.0/24 dst 192.0.1.0/24 dir out priority 1042407 ptype main tmpl src 192.1.2.23 dst 192.1.2.45 proto esp reqid REQID mode tunnel XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES default via 192.1.2.254 dev eth1 192.0.1.0/24 via 192.1.2.45 dev eth1 192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI east # east # ipsec stop Redirecting to: [initsystem] east # # show no nflog left behind east # iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain LOGDROP (0 references) target prot opt source destination LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 0.0.0.0/0 0.0.0.0/0 east # ../bin/check-for-core.sh east # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi