/testing/guestbin/swan-prep --x509 Preparing X.509 files north # ipsec start Redirecting to: [initsystem] north # /testing/pluto/bin/wait-until-pluto-started north # ipsec auto --add north-east 002 added connection description "north-east" north # ipsec whack --xauthname 'xnorth' --xauthpass 'use1pass' --name north-east --initiate 002 "north-east" #1: initiating Main Mode 1v1 "north-east" #1: STATE_MAIN_I1: initiate 1v1 "north-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2 002 "north-east" #1: I am sending my cert 002 "north-east" #1: I am sending a certificate request 1v1 "north-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3 002 "north-east" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' 002 "north-east" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA 003 "north-east" #1: Authenticated using RSA 004 "north-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 041 "north-east" #1: north-east prompt for Username: 040 "north-east" #1: north-east prompt for Password: 002 "north-east" #1: XAUTH: Answering XAUTH challenge with user='xnorth' 004 "north-east" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "north-east" #1: XAUTH: Successfully Authenticated 004 "north-east" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "north-east" #1: modecfg: Sending IP request (MODECFG_I1) 005 "north-east" #1: Received IPv4 address: 192.0.2.100/32 005 "north-east" #1: Received DNS server 1.2.3.4 005 "north-east" #1: Received DNS server 5.6.7.8 005 "north-east" #1: Received subnet 192.0.2.0/24 005 "north-east" #1: Subnet 192.0.2.0/24 already has an spd_route - ignoring 004 "north-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "north-east" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO 1v1 "north-east" #2: STATE_QUICK_I1: initiate 002 "north-east" #2: up-client output: updating resolvconf 002 "north-east" #2: up-client output: rm: cannot remove '/etc/resolv.conf': Device or resource busy 004 "north-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive username=xnorth} north # ping -q -w 4 -n -c 4 192.0.2.254 PING 192.0.2.254 (192.0.2.254) 56(84) bytes of data. --- 192.0.2.254 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time XXXX rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms north # ipsec whack --trafficstatus 006 #2: "north-east", username=xnorth, type=ESP, add_time=1234567890, inBytes=336, outBytes=336 north # echo initdone initdone north # # let road and north wait for east to show tunnels before shutting down north # hostname | grep road > /dev/null && sleep 5 north # hostname | grep north > /dev/null && sleep 5 north # hostname | grep east > /dev/null && ipsec whack --trafficstatus north # north # grep "^leak" /tmp/pluto.log leak-detective enabled north # ../bin/check-for-core.sh north # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi