--- east.console.txt 2019-08-24 18:12:56.350671211 +0000
+++ OUTPUT/east.console.txt 2019-08-26 13:27:36.959814680 +0000
@@ -11,10 +11,71 @@
 echo initdone
 initdone
 east #
+ # on east this should show 2 sets of in/fwd/out policies
 east #
- grep "^leak" /tmp/pluto.log
-leak-detective enabled
-leak detective found no leaks
+ ../../pluto/bin/ipsec-look.sh
+east NOW
+XFRM state:
+src 192.1.2.254 dst 192.1.2.23
+ proto esp spi 0xSPISPI reqid REQID mode tunnel
+ replay-window 32 flag af-unspec
+ auth-trunc hmac(sha1) 0xHASHKEY 96
+ enc cbc(aes) 0xENCKEY
+ encap type espinudp sport SPORT dport 4500 addr 0.0.0.0
+src 192.1.2.23 dst 192.1.2.254
+ proto esp spi 0xSPISPI reqid REQID mode tunnel
+ replay-window 32 flag af-unspec
+ auth-trunc hmac(sha1) 0xHASHKEY 96
+ enc cbc(aes) 0xENCKEY
+ encap type espinudp sport 4500 dport 49277 addr 0.0.0.0
+src 192.1.2.254 dst 192.1.2.23
+ proto esp spi 0xSPISPI reqid REQID mode tunnel
+ replay-window 32 flag af-unspec
+ auth-trunc hmac(sha1) 0xHASHKEY 96
+ enc cbc(aes) 0xENCKEY
+ encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
+src 192.1.2.23 dst 192.1.2.254
+ proto esp spi 0xSPISPI reqid REQID mode tunnel
+ replay-window 32 flag af-unspec
+ auth-trunc hmac(sha1) 0xHASHKEY 96
+ enc cbc(aes) 0xENCKEY
+ encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
+XFRM policy:
+src 0.0.0.0/0 dst 192.0.2.101/32
+ dir out priority 1048543 ptype main
+ tmpl src 192.1.2.23 dst 192.1.2.254
+ proto esp reqid REQID mode tunnel
+src 0.0.0.0/0 dst 192.0.2.102/32
+ dir out priority 1048543 ptype main
+ tmpl src 192.1.2.23 dst 192.1.2.254
+ proto esp reqid REQID mode tunnel
+src 192.0.2.101/32 dst 0.0.0.0/0
+ dir fwd priority 1048543 ptype main
+ tmpl src 192.1.2.254 dst 192.1.2.23
+ proto esp reqid REQID mode tunnel
+src 192.0.2.101/32 dst 0.0.0.0/0
+ dir in priority 1048543 ptype main
+ tmpl src 192.1.2.254 dst 192.1.2.23
+ proto esp reqid REQID mode tunnel
+src 192.0.2.102/32 dst 0.0.0.0/0
+ dir fwd priority 1048543 ptype main
+ tmpl src 192.1.2.254 dst 192.1.2.23
+ proto esp reqid REQID mode tunnel
+src 192.0.2.102/32 dst 0.0.0.0/0
+ dir in priority 1048543 ptype main
+ tmpl src 192.1.2.254 dst 192.1.2.23
+ proto esp reqid REQID mode tunnel
+XFRM done
+IPSEC mangle TABLES
+NEW_IPSEC_CONN mangle TABLES
+ROUTING TABLES
+default via 192.1.2.254 dev eth1
+192.0.1.0/24 via 192.1.2.45 dev eth1
+192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
+192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
+NSS_CERTIFICATES
+Certificate Nickname Trust Attributes
+ SSL,S/MIME,JAR/XPI
 east #
 ../bin/check-for-core.sh
 east #
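Review bot: The second XFRM state (192.1.2.23 to 192.1.2.254) records a literal port in `encap type espinudp sport 4500 dport 49277`, while the reverse-direction state is masked as `sport SPORT`. If 49277 is the NAT-assigned ephemeral port, it will presumably differ between runs, so the console sanitizer should mask that `dport` the same way before this output is accepted as the reference. The new side also no longer runs `grep "^leak" /tmp/pluto.log`, so the `leak detective found no leaks` assertion is gone from this test. Unless that check is made elsewhere, keep it alongside `ipsec-look.sh` so a memory leak in pluto still fails the run.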