#!/bin/sh
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# iptables -t nat -F
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# # Display the table, so we know it is correct.
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# echo done.
done.
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# sleep 2
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# ipsec look
nic Mon Aug 26 18:39:40 UTC 2019
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
192.0.1.0/24 via 192.1.2.45 dev eth0
192.0.2.0/24 via 192.1.2.23 dev eth0
192.0.3.0/24 via 192.1.3.33 dev eth1
192.1.2.0/24 dev eth0 proto kernel scope link src 192.1.2.254
192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.254
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
NSS_CERTIFICATES

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# # confirm east is in unrouted state again
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# hostname | grep east > /dev/null && ipsec status |grep "eroute owner"
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'hostname | grep east > /dev/null && ipsec status |grep "eroute owner"' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# ipsec auto --status
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566844725.483:306685): avc:  denied  { getattr } for  pid=17809 comm="df" path="/run/utsns/west-ikev2-ike-rekey-05" dev="nsfs" ino=4026535069 scontext=system_u:system_r:disk_munin_plugin_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file permissive=1
type=AVC msg=audit(1566844725.559:306692): avc:  denied  { write } for  pid=17827 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295555956 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844730.677:306747): avc:  denied  { write } for  pid=18841 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1016936383 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844730.689:306748): avc:  denied  { write } for  pid=18852 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=1016936383 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844740.382:306972): avc:  denied  { write } for  pid=21399 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295555956 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-redirect-03-auth-loop\[root@nic ikev2-redirect-03-auth-loop]#