/testing/guestbin/swan-prep --x509
Preparing X.509 files
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec:
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# /testing/pluto/bin/wait-until-pluto-started
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec whack --impair suppress-retransmits
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec auto --add road-east-x509-ipv4
002 added connection description "road-east-x509-ipv4"
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# echo "initdone"
initdone
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# #!/bin/sh
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ping -q -n -c 2 192.1.2.23
PING 192.1.2.23 (192.1.2.23) 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 29ms
rtt min/avg/max/mdev = 0.098/0.110/0.122/0.012 ms
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec auto --up road-east-x509-ipv4
002 "road-east-x509-ipv4"[1] 192.1.2.23 #1: initiating v2 parent SA
181 "road-east-x509-ipv4"[1] 192.1.2.23 #1: initiate
002 "road-east-x509-ipv4"[1] 192.1.2.23: constructed local IKE proposals for road-east-x509-ipv4 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
181 "road-east-x509-ipv4"[1] 192.1.2.23 #1: STATE_PARENT_I1: sent v2I1, expected v2R1
002 "road-east-x509-ipv4"[1] 192.1.2.23 #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
002 "road-east-x509-ipv4"[1] 192.1.2.23: constructed local ESP/AH proposals for road-east-x509-ipv4 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
182 "road-east-x509-ipv4"[1] 192.1.2.23 #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
003 "road-east-x509-ipv4"[1] 192.1.2.23 #2: Authenticated using RSA
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.2.100
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid.
002 "road-east-x509-ipv4"[1] 192.1.2.23 #2: negotiated connection [192.0.2.100-192.0.2.100:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0]
004 "road-east-x509-ipv4"[1] 192.1.2.23 #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP/NAT=>0x38b67726 <0x8c9f06dd xfrm=AES_GCM_16_256-NONE NATOA=none NATD=192.1.2.23:4500 DPD=passive}
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ping -q -n -c 4 -I 192.0.2.100 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.0.2.100 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 92ms
rtt min/avg/max/mdev = 0.076/0.088/0.103/0.013 ms
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec whack --trafficstatus
006 #2: "road-east-x509-ipv4"[1] 192.1.2.23, type=ESP, add_time=0, inBytes=336, outBytes=336, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org', lease=192.0.2.100/32
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# # Let R_U_THERE packets flow
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# echo "Waiting 15 seconds..."
Waiting 15 seconds...
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# sleep 15
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# echo "Setting up block via iptables"
Setting up block via iptables
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# iptables -I INPUT -s 192.1.2.23/32 -d 0/0 -j DROP
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# iptables -I OUTPUT -d 192.1.2.23/32 -s 0/0 -j DROP
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# echo "sleep 110 seconds"
sleep 110 seconds
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# sleep 30
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# sleep 30
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# sleep 30
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# sleep 20
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# # tunnel should be gone
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec whack --trafficstatus
whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 roadrun.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<echo done
done
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# : ==== cut ====
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ipsec auto --status
whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# ../bin/check-for-core.sh
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566843999.743:256897): avc: denied { write } for pid=16182 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=294975820 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]# : ==== end ====
�kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-31-nat-rw-no-rekey�\[root@road ikev2-31-nat-rw-no-rekey]#