/testing/guestbin/swan-prep
[root@west dpd-03]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec:
[root@west dpd-03]# /testing/pluto/bin/wait-until-pluto-started
[root@west dpd-03]# ipsec auto --add west-east
002 added connection description "west-east"
[root@west dpd-03]# echo "initdone"
initdone
[root@west dpd-03]# : we can transmit in the clear
[root@west dpd-03]# ping -q -c 8 -n -I 192.1.2.45 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.2.45 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 208ms
rtt min/avg/max/mdev = 0.022/0.043/0.080/0.018 ms
[root@west dpd-03]# : bring up the tunnel
[root@west dpd-03]# ipsec auto --up west-east
002 "west-east" #1: initiating Main Mode
102 "west-east" #1: STATE_MAIN_I1: initiate
104 "west-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2
106 "west-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "west-east" #1: Peer ID is ID_FQDN: '@east'
003 "west-east" #1: Authenticated using RSA
004 "west-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
002 "west-east" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:b5f60237 proposal=defaults pfsgroup=MODP2048}
115 "west-east" #2: STATE_QUICK_I1: initiate
004 "west-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x57709f63 <0x73bc9539 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
[root@west dpd-03]# : use the tunnel
[root@west dpd-03]# ping -q -c 8 -n -I 192.1.2.45 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.2.45 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 175ms
rtt min/avg/max/mdev = 0.065/0.074/0.083/0.010 ms
[root@west dpd-03]# : show the tunnel
[root@west dpd-03]# ipsec whack --trafficstatus
006 #2: "west-east", type=ESP, add_time=1566844369, inBytes=672, outBytes=672, id='@east'
[root@west dpd-03]# : Let R_U_THERE packets flow
[root@west dpd-03]# sleep 10
[root@west dpd-03]# : ==== cut ====
[root@west dpd-03]# ipsec whack --trafficstatus
006 #2: "west-east", type=ESP, add_time=1566844369, inBytes=672, outBytes=672, id='@east'
[root@west dpd-03]# : ==== tuc ====
[root@west dpd-03]# sleep 10
[root@west dpd-03]# : Create the block
[root@west dpd-03]# iptables -I INPUT -s 192.1.2.23/32 -d 0/0 -j DROP
[root@west dpd-03]# sleep 10
[root@west dpd-03]# : ==== cut ====
[root@west dpd-03]# ipsec whack --listevents
002 It is now: 29693 seconds since monotonic epoch
002 global periodic timer EVENT_REINIT_SECRET is scheduled for 1566847962 (in 1566818268.614379 seconds)
002 global periodic timer EVENT_SHUNT_SCAN is scheduled for 1566844422 (in 1566814728.618379 seconds)
002 global periodic timer EVENT_PENDING_DDNS is scheduled for 1566844422 (in 1566814728.614379 seconds)
002 global periodic timer EVENT_PENDING_PHASE2 is scheduled for 1566844482 (in 1566814788.614379 seconds)
002 global periodic timer EVENT_RESET_LOG_RATE_LIMIT is scheduled for 1566847962 (in 1566818268.61338 seconds)
002 global one-shot timer EVENT_NAT_T_KEEPALIVE is scheduled for 1566844409 (in 1566814716.207413 seconds)
002 signal event handler PLUTO_SIGCHLD
002 signal event handler PLUTO_SIGTERM
002 signal event handler PLUTO_SIGHUP
002 signal event handler PLUTO_SIGSYS
002 event ethX is not timer based
002 event ethX is not timer based
002 event ethX is not timer based
002 event ethX is not timer based
002 event ethX is not timer based
002 event ethX is not timer based
002 event PLUTO_CTL_FD is not timer based
002 event KERNEL_ROUTE_FD is not timer based
002 event KERNEL_XRM_FD is not timer based
002 event EVENT_SA_REPLACE is schd: 32262 (in 2568s) "west-east" #1
002 event EVENT_DPD_TIMEOUT is schd: 29697 (in 3s) "west-east" #1
002 event EVENT_SA_REPLACE is schd: 57703 (in 28010s) "west-east" #2
002 event EVENT_DPD is schd: 29694 (in 1s) "west-east" #2
[root@west dpd-03]# ipsec whack --trafficstatus
006 #2: "west-east", type=ESP, add_time=1566844369, inBytes=672, outBytes=672, id='@east'
[root@west dpd-03]# : ==== tuc ====
[root@west dpd-03]# sleep 10
[root@west dpd-03]# : DPD should have triggered now
[root@west dpd-03]# ipsec whack --trafficstatus
[root@west dpd-03]# # remove the block
[root@west dpd-03]# iptables -D INPUT -s 192.1.2.23/32 -d 0/0 -j DROP
[root@west dpd-03]# ping -q -c 8 -n -I 192.1.2.45 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.2.45 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
8 packets transmitted, 6 received, 25% packet loss, time 200ms
rtt min/avg/max/mdev = 0.068/0.124/0.352/0.103 ms
[root@west dpd-03]# # Tunnel should be back up now
[root@west dpd-03]# ipsec whack --trafficstatus
006 #4: "west-east", type=ESP, add_time=1566844419, inBytes=504, outBytes=504, id='@east'
[root@west dpd-03]# echo done
done
[root@west dpd-03]# ../../pluto/bin/ipsec-look.sh
==== cut ====
start raw xfrm state:
src 192.1.2.45/32 dst 192.1.2.23/32 \ dir out priority 1040351 ptype main \ tmpl src 192.1.2.45 dst 192.1.2.23\ proto esp reqid 16389 mode tunnel\
src 192.1.2.23/32 dst 192.1.2.45/32 \ dir fwd priority 1040351 ptype main \ tmpl src 192.1.2.23 dst 192.1.2.45\ proto esp reqid 16389 mode tunnel\
src 192.1.2.23/32 dst 192.1.2.45/32 \ dir in priority 1040351 ptype main \ tmpl src 192.1.2.23 dst 192.1.2.45\ proto esp reqid 16389 mode tunnel\
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \
end raw xfrm state:
==== tuc ====
west Mon Aug 26 18:33:47 UTC 2019
XFRM state:
src 192.1.2.23 dst 192.1.2.45
    proto esp spi 0x6f0fd82e reqid 16389 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x85e0b489ab0003bbd5bedade8a9d6336a3cf98fb 96
    enc cbc(aes) 0xcfbf81c50245b1a50053d2d5c6e4fce1
    anti-replay context: seq 0x6, oseq 0x0, bitmap 0x0000003f
src 192.1.2.45 dst 192.1.2.23
    proto esp spi 0x22268a80 reqid 16389 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x62cd75d5a6f6123a471478575b9f36a8e6c98b59 96
    enc cbc(aes) 0xd0b5389d896e6f90f08881eeedb6a57c
    anti-replay context: seq 0x0, oseq 0x6, bitmap 0x00000000
src 192.1.2.45 dst 192.1.2.23
    proto esp spi 0x00000000 reqid 0 mode transport
    replay-window 0
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
    sel src 192.1.2.45/32 dst 192.1.2.23/32 proto icmp type 8 code 0 dev eth1
XFRM policy:
src 192.1.2.23/32 dst 192.1.2.45/32
    dir fwd priority 1040351 ptype main
    tmpl src 192.1.2.23 dst 192.1.2.45
        proto esp reqid 16389 mode tunnel
src 192.1.2.23/32 dst 192.1.2.45/32
    dir in priority 1040351 ptype main
    tmpl src 192.1.2.23 dst 192.1.2.45
        proto esp reqid 16389 mode tunnel
src 192.1.2.45/32 dst 192.1.2.23/32
    dir out priority 1040351 ptype main
    tmpl src 192.1.2.45 dst 192.1.2.23
        proto esp reqid 16389 mode tunnel
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
[root@west dpd-03]# : ==== cut ====
[root@west dpd-03]# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.0.1.254:4500
000 interface eth0/eth0 192.0.1.254:500
000 interface eth1/eth1 192.1.2.45:4500
000 interface eth1/eth1 192.1.2.45:500
000
000
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=disabled
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
000 nssdir=/etc/ipsec.d, dumpdir=/var/tmp, statsbin=unset
000 dnssec-rootkey-file=/var/lib/unbound/root.key, dnssec-trusted=
000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec
000 pluto_version=v3.28-685-gbfd5aef521-master-s2, pluto_vendorid=OE-Libreswan-v3.28-685, audit-log=yes
000 nhelpers=-1, uniqueids=yes, dnssec-enable=yes, perpeerlog=no, logappend=no, logip=yes, shuntlifetime=900s, xfrmlifetime=30s
000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, ikebuf=0, msg_errqueue=yes, strictcrlpolicy=no, crlcheckinterval=0, listen=, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=
000 ocsp-trust-name=
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get
000 global-redirect=no, global-redirect-to=
000 secctx-attr-type=32001
000 debug: base+cpu-usage
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000
000 Kernel algorithms supported:
000
000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256
000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=SERPENT_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=TWOFISH_CBC, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128
000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384
000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512
000 algorithm AH/ESP auth: name=NONE, key-length=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256
000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16
000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20
000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32
000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48
000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64
000 algorithm IKE PRF: name=AES_XCBC, hashlen=16
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000 algorithm IKE DH Key Exchange: name=DH31, bits=256
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "west-east": 192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]; erouted; eroute owner: #4
000 "west-east": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "west-east": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "west-east": our auth:rsasig, their auth:rsasig
000 "west-east": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "west-east": labeled_ipsec:no;
000 "west-east": policy_label:unset;
000 "west-east": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "west-east": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "west-east": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "west-east": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "west-east": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "west-east": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "west-east": our idtype: ID_FQDN; our id=@west; their idtype: ID_FQDN; their id=@east
000 "west-east": dpd: action:hold; delay:3; timeout:12; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "west-east": newest ISAKMP SA: #3; newest IPsec SA: #4;
000 "west-east": IKEv1 algorithm newest: AES_CBC_256-HMAC_SHA2_256-MODP2048
000 "west-east": ESP algorithm newest: AES_CBC_128-HMAC_SHA1_96; pfsgroup=
000
000 Total IPsec connections: loaded 1, active 1
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(1), authenticated(1), anonymous(0)
000
000 #3: "west-east":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2630s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
000 #4: "west-east":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27821s; newest IPSEC; eroute owner; isakmp#3; idle;
000 #4: "west-east" esp.22268a80@192.1.2.23 esp.6f0fd82e@192.1.2.45 tun.0@192.1.2.23 tun.0@192.1.2.45 ref=0 refhim=0 Traffic: ESPin=504B ESPout=504B! ESPmax=4194303B
000
000 Bare Shunt list:
000
000 192.1.2.45/32:8 -1-> 192.1.2.23/32:0 => %hold 0 %acquire-netlink
[root@west dpd-03]# : ==== tuc ====
[root@west dpd-03]# ../bin/check-for-core.sh
[root@west dpd-03]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566844133.486:265910): avc: denied { write } for pid=7504 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295084539 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844133.996:266013): avc: denied { write } for pid=8463 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=63889669 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844425.798:284747): avc: denied { write } for pid=19805 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295197007 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844426.067:284762): avc: denied { getattr } for pid=19966 comm="df" path="/run/utsns/road-newoe-05-hold-pass" dev="nsfs" ino=4026532702 scontext=system_u:system_r:disk_munin_plugin_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file permissive=1
type=AVC msg=audit(1566844426.558:284777): avc: denied { write } for pid=20491 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295211934 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844427.154:284800): avc: denied { write } for pid=20928 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=585711888 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
[root@west dpd-03]# : ==== end ====
[root@west dpd-03]#