--- north.console.txt 2019-08-24 18:12:56.350671211 +0000
+++ OUTPUT/north.console.txt 2019-08-26 13:27:37.035812020 +0000
@@ -31,6 +31,7 @@
 002 "north-east" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
 1v1 "north-east" #2: STATE_QUICK_I1: initiate
 002 "north-east" #2: up-client output: updating resolvconf
+002 "north-east" #2: up-client output: rm: cannot remove '/etc/resolv.conf': Device or resource busy
 004 "north-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=192.1.2.23:4500 DPD=passive username=use1}
 north #
 ping -n -c 4 -I 192.0.2.101 192.0.2.254
@@ -44,11 +45,13 @@
 rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
 north #
 ipsec whack --trafficstatus
-006 #2: "north-east", username=use1, type=ESP, add_time=1234567890, inBytes=716, outBytes=604
+006 #2: "north-east", username=use1, type=ESP, add_time=1234567890, inBytes=336, outBytes=336
 north #
 echo initdone
 initdone
 north #
+ # on east this should show 2 sets of in/fwd/out policies
+north #
 ../../pluto/bin/ipsec-look.sh
 north NOW
 XFRM state:
@@ -84,10 +87,7 @@
 0.0.0.0/1 via 192.1.3.254 dev eth1 src 192.0.2.101
 default via 192.1.3.254 dev eth1
 128.0.0.0/1 via 192.1.3.254 dev eth1 src 192.0.2.101
-192.0.1.0/24 via 192.1.3.254 dev eth1
-192.0.2.0/24 via 192.1.3.254 dev eth1
 192.0.3.0/24 dev eth0 proto kernel scope link src 192.0.3.254
-192.1.2.0/24 via 192.1.3.254 dev eth1
 192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.33
 NSS_CERTIFICATES
 Certificate Nickname Trust Attributes
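Review bot: The added line in the `@@ -31,6 +31,7 @@` hunk shows the up-client script's `rm` of `/etc/resolv.conf` failing with "Device or resource busy", yet state #2 still goes on to report "IPsec SA established", so the failure is non-fatal and the resolver update announced by "updating resolvconf" presumably never took effect. This should not be accepted into the reference output as it stands: with an unchanged resolv.conf, name lookups keep going to the resolver configured before the tunnel came up. The error is what an unlink on a mount point returns, which is likely how this test environment provides the file, although that is not visible here. The updown script should either rewrite the file in place rather than remove it, or propagate the failure so the run fails on it explicitly.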
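Review bot: In the `@@ -44,11 +45,13 @@` hunk the `ipsec whack --trafficstatus` line is matched on exact `inBytes`/`outBytes` values, which ties the reference output to whatever else happened to cross the tunnel during the run. The new 336/336 is what four 84-byte echo packets in each direction from the `ping -n -c 4` above would give (assuming the default payload size), so the old 716/604 presumably included unrelated traffic. Consider fixing the counters in the sanitizer the way `add_time=1234567890` already appears to be, or checking only that both are non-zero. The added comment `# on east this should show 2 sets of in/fwd/out policies` sits on north's console, so it should say which host's `ipsec-look.sh` output it describes.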
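Review bot: The `@@ -84,10 +87,7 @@` hunk drops the three more-specific routes via 192.1.3.254, including `192.1.2.0/24`, the subnet holding the peer address shown earlier as `NATD=192.1.2.23:4500`. Without them, those destinations fall under `128.0.0.0/1 via 192.1.3.254 dev eth1 src 192.0.2.101`, so locally originated traffic that does not bind its own source address will now pick the tunnel-internal address 192.0.2.101. Nothing in this output shows whether the routes were removed by the test environment setup or by the updown script. Before the reference is updated, confirm which it is, and check in the XFRM policy section of `ipsec-look.sh` that traffic to the peer itself is not selected for the tunnel.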