iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# /testing/guestbin/swan-prep
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec: 
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ipsec auto --add xauth-road-eastnet
002 added connection description "xauth-road-eastnet"
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# echo done
done
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# # next one will fail because server will timeout for this user
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ipsec whack --xauthname 'gooduser90' --xauthpass 'use1pass' --name xauth-road-eastnet --initiate
002 "xauth-road-eastnet" #1: initiating Main Mode
102 "xauth-road-eastnet" #1: STATE_MAIN_I1: initiate
104 "xauth-road-eastnet" #1: STATE_MAIN_I2: sent MI2, expecting MR2
106 "xauth-road-eastnet" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "xauth-road-eastnet" #1: Peer ID is ID_FQDN: '@east'
003 "xauth-road-eastnet" #1: Authenticated using RSA
004 "xauth-road-eastnet" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
041 "xauth-road-eastnet" #1: xauth-road-eastnet prompt for Username:
040 "xauth-road-eastnet" #1: xauth-road-eastnet prompt for Password:
002 "xauth-road-eastnet" #1: XAUTH: Answering XAUTH challenge with user='gooduser90'
004 "xauth-road-eastnet" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
010 "xauth-road-eastnet" #1: STATE_XAUTH_I1: retransmission; will wait 25 seconds for response
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# # next one should succed and ping pass throguh
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ipsec auto --add xauth-road-eastnet
connect(pluto_ctl) failed: Connection refused
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout 255]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 roadrun.sh 'ipsec auto --add xauth-road-eastnet' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --xauthname 'gooduser' --xauthpass 'use1pass' --name xauth-road-eastnet --initiate
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 roadrun.sh 'ipsec whack --xauthname 'gooduser' --xauthpass 'use1pass' --name xauth-road-eastnet --initiate' <<<<<<<<<<tuc<<<<<<<<<<ping -w 4 -n -c4 192.0.2.254
PING 192.0.2.254 (192.0.2.254) 56(84) bytes of data.
64 bytes from 192.0.2.254: icmp_seq=1 ttl=63 time=0.047 ms
64 bytes from 192.0.2.254: icmp_seq=2 ttl=63 time=0.054 ms
64 bytes from 192.0.2.254: icmp_seq=3 ttl=63 time=0.334 ms
64 bytes from 192.0.2.254: icmp_seq=4 ttl=63 time=0.066 ms

--- 192.0.2.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 98ms
rtt min/avg/max/mdev = 0.047/0.125/0.334/0.120 ms
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 roadrun.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<echo done
done
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ../../pluto/bin/ipsec-look.sh
==== cut ====
start raw xfrm state:
end raw xfrm state:
==== tuc ====
road Mon Aug 26 13:27:08 UTC 2019
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.3.254 dev eth0
192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209
NSS_CERTIFICATES

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# grep "handling event EVENT_PAM_TIMEOUT" /tmp/pluto.log
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep "handling event EVENT_PAM_TIMEOUT" /tmp/pluto.log' <<<<<<<<<<tuc<<<<<<<<<<if [ -f /etc/pam.d/pluto.stock ]; then mv /etc/pam.d/pluto.stock /etc/pam.d/pluto ; fi
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ipsec auto --status
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<<tuc<<<<<<<<<<: ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/xauth-pluto-20-pam-timeout\[root@road xauth-pluto-20-pam-timeout]#