/testing/guestbin/swan-prep --x509 Preparing X.509 files east # iptables -I INPUT -p udp -m length --length 0x5dc:0xffff -j LOGDROP east # ipsec start Redirecting to: [initsystem] east # /testing/pluto/bin/wait-until-pluto-started east # ipsec auto --add x509 002 added connection description "x509" east # ipsec whack --impair suppress-retransmits east # echo "initdone" initdone east # grep "fragment" /tmp/pluto.log [ 00.00] IN=eth1 OUT= MAC=12:00:00:64:64:23:12:00:00:de:ad:ba:08:00 SRC=192.1.3.209 DST=192.1.2.23 LEN=XXXX TOS=0x00 PREC=0x00 TTL=63 ID=XXXXX PROTO=UDP SPT=500 DPT=500 LEN=XXXX | peer supports fragmentation | fragment id: 1 (0x1) | fragment number: 1 (0x1) | received IKE fragment id '1', number '1' | fragment id: 1 (0x1) | fragment number: 2 (0x2) | received IKE fragment id '1', number '2' | fragment id: 1 (0x1) | fragment number: 3 (0x3) | received IKE fragment id '1', number '3' | fragment id: 1 (0x1) | fragment number: 4 (0x4) | received IKE fragment id '1', number '4' | fragment id: 1 (0x1) | fragment number: 5 (0x5) | received IKE fragment id '1', number '5'(last) | updated IKE fragment state to respond using fragments without waiting for re-transmits | fragment id: 1 (0x1) | fragment number: 1 (0x1) | received IKE fragment id '1', number '1' | fragment id: 1 (0x1) | fragment number: 2 (0x2) | received IKE fragment id '1', number '2' | fragment id: 1 (0x1) | fragment number: 3 (0x3) | received IKE fragment id '1', number '3' | fragment id: 1 (0x1) | fragment number: 4 (0x4) | received IKE fragment id '1', number '4' | fragment id: 1 (0x1) | fragment number: 5 (0x5) | received IKE fragment id '1', number '5'(last) | sending IKE fragment id '1', number '1' | sending IKE fragment id '1', number '2' | sending IKE fragment id '1', number '3' | sending IKE fragment id '1', number '4' (last) | updated IKE fragment state to respond using fragments without waiting for re-transmits east # east # ../bin/check-for-core.sh east # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi