#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# echo done.
done.
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# sleep 2
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# ipsec look
nic Mon Aug 26 18:39:40 UTC 2019
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
192.0.1.0/24 via 192.1.2.45 dev eth0
192.0.2.0/24 via 192.1.2.23 dev eth0
192.0.3.0/24 via 192.1.3.33 dev eth1
192.1.2.0/24 dev eth0 proto kernel scope link src 192.1.2.254
192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.254
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
NSS_CERTIFICATES
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# # confirm east is in unrouted state again
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# hostname | grep east > /dev/null && ipsec status |grep "eroute owner"
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'hostname | grep east > /dev/null && ipsec status |grep "eroute owner"' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status'
<<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566844725.483:306685): avc: denied { getattr } for pid=17809 comm="df" path="/run/utsns/west-ikev2-ike-rekey-05" dev="nsfs" ino=4026535069 scontext=system_u:system_r:disk_munin_plugin_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file permissive=1
type=AVC msg=audit(1566844725.559:306692): avc: denied { write } for pid=17827 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295555956 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844730.677:306747): avc: denied { write } for pid=18841 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1016936383 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844730.689:306748): avc: denied { write } for pid=18852 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1016936383 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844740.382:306972): avc: denied { write } for pid=21399 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295555956 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]#