--- north.console.txt	2019-08-24 18:12:56.334671775 +0000
+++ OUTPUT/north.console.txt	2019-08-26 13:26:35.536965188 +0000
@@ -5,7 +5,7 @@
 north #
  # ensure that clear text does not get through
 north #
- iptables -A INPUT -i eth0 -s 192.0.2.0/24 -j LOGDROP
+ iptables -I INPUT -i eth0 -s 192.0.2.0/24 -j LOGDROP
 north #
  iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
 north #
@@ -13,8 +13,13 @@
 north #
  ping -n -c 4 -I 192.0.3.254 192.0.2.254
 PING 192.0.2.254 (192.0.2.254) from 192.0.3.254 : 56(84) bytes of data.
+64 bytes from 192.0.2.254: icmp_seq=1 ttl=63 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=2 ttl=63 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=3 ttl=63 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=4 ttl=63 time=0.XXX ms
 --- 192.0.2.254 ping statistics ---
-4 packets transmitted, 0 received, 100% packet loss, time XXXX
+4 packets transmitted, 4 received, 0% packet loss, time XXXX
+rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
 north #
  ipsec start
 Redirecting to: [initsystem]
@@ -55,26 +60,22 @@
 002 "north-east-x509-pluto-02" #1: I am sending my cert
 002 "north-east-x509-pluto-02" #1: I am sending a certificate request
 1v1 "north-east-x509-pluto-02" #1: STATE_MAIN_I3: sent MI3, expecting MR3
-002 "north-east-x509-pluto-02" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
-002 "north-east-x509-pluto-02" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
-003 "north-east-x509-pluto-02" #1: Authenticated using RSA
-004 "north-east-x509-pluto-02" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
-002 "north-east-x509-pluto-02" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
-1v1 "north-east-x509-pluto-02" #2: STATE_QUICK_I1: initiate
-004 "north-east-x509-pluto-02" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
+003 "north-east-x509-pluto-02" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
+003 "north-east-x509-pluto-02" #1: received and ignored notification payload: INVALID_ID_INFORMATION
+031 "north-east-x509-pluto-02" #1: STATE_MAIN_I3: 60 second timeout exceeded after 0 retransmits.  Possible authentication failure: no acceptable response to our first encrypted message
+000 "north-east-x509-pluto-02" #1: starting keying attempt 2 of an unlimited number, but releasing whack
 north #
  ping -n -c 4 -I 192.0.3.254 192.0.2.254
 PING 192.0.2.254 (192.0.2.254) from 192.0.3.254 : 56(84) bytes of data.
-64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.XXX ms
-64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.XXX ms
-64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.XXX ms
-64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=1 ttl=63 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=2 ttl=63 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=3 ttl=63 time=0.XXX ms
+64 bytes from 192.0.2.254: icmp_seq=4 ttl=63 time=0.XXX ms
 --- 192.0.2.254 ping statistics ---
 4 packets transmitted, 4 received, 0% packet loss, time XXXX
 rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
 north #
  ipsec whack --trafficstatus
-006 #2: "north-east-x509-pluto-02", type=ESP, add_time=1234567890, inBytes=336, outBytes=336, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
 north #
  echo done
 done
@@ -82,38 +83,13 @@
  ../../pluto/bin/ipsec-look.sh
 north NOW
 XFRM state:
-src 192.1.2.23 dst 192.1.3.33
-	proto esp spi 0xSPISPI reqid REQID mode tunnel
-	replay-window 32 flag af-unspec
-	auth-trunc hmac(sha1) 0xHASHKEY 96
-	enc cbc(aes) 0xENCKEY
-src 192.1.3.33 dst 192.1.2.23
-	proto esp spi 0xSPISPI reqid REQID mode tunnel
-	replay-window 32 flag af-unspec
-	auth-trunc hmac(sha1) 0xHASHKEY 96
-	enc cbc(aes) 0xENCKEY
 XFRM policy:
-src 192.0.2.0/24 dst 192.0.3.0/24
-	dir fwd priority 1042407 ptype main
-	tmpl src 192.1.2.23 dst 192.1.3.33
-		proto esp reqid REQID mode tunnel
-src 192.0.2.0/24 dst 192.0.3.0/24
-	dir in priority 1042407 ptype main
-	tmpl src 192.1.2.23 dst 192.1.3.33
-		proto esp reqid REQID mode tunnel
-src 192.0.3.0/24 dst 192.0.2.0/24
-	dir out priority 1042407 ptype main
-	tmpl src 192.1.3.33 dst 192.1.2.23
-		proto esp reqid REQID mode tunnel
 XFRM done
 IPSEC mangle TABLES
 NEW_IPSEC_CONN mangle TABLES
 ROUTING TABLES
 default via 192.1.3.254 dev eth1
-192.0.1.0/24 via 192.1.3.254 dev eth1
-192.0.2.0/24 via 192.1.3.254 dev eth1
 192.0.3.0/24 dev eth0 proto kernel scope link src 192.0.3.254
-192.1.2.0/24 via 192.1.3.254 dev eth1
 192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.33
 NSS_CERTIFICATES
 Certificate Nickname                                         Trust Attributes