/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 # confirm that the network is alive
west #
 ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j LOGDROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec whack --impair send-pkcs7-thingie
west #
 ipsec auto --add ikev2-westnet-eastnet-x509-cr
002 added connection description "ikev2-westnet-eastnet-x509-cr"
west #
 echo "initdone"
initdone
west #
 ipsec auto --up ikev2-westnet-eastnet-x509-cr
002 "ikev2-westnet-eastnet-x509-cr" #1: initiating v2 parent SA
1v2 "ikev2-westnet-eastnet-x509-cr" #1: initiate
1v2 "ikev2-westnet-eastnet-x509-cr" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
west #
 ping -n -c4 -I 192.0.1.254 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
--- 192.0.2.254 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time XXXX
west #
 ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
west #
 echo "done"
done
west #
 grep -e 'parse IKEv2 Certificate' -e 'emit IKEv2 Certificate' -e 'ikev2 cert encoding' /tmp/pluto.log
west #
 ../../pluto/bin/ipsec-look.sh
west NOW
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
Libreswan test CA for mainca - Libreswan                     CT,, 
east                                                         P,,  
east-ec                                                      P,,  
hashsha1                                                     P,,  
nic                                                          P,,  
north                                                        P,,  
road                                                         P,,  
west                                                         u,u,u
west #
west #
 ../bin/check-for-core.sh
CORE FOUND: /tmp/core.road.pluto.28445
[New LWP 28445]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
Core was generated by `PATH/libexec/ipsec/pluto --config /etc/ipsec.conf --leak-detective'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f6aed4b857f in raise () from /lib64/libc.so.6
#0  0x00007f6aed4b857f in raise () from /lib64/libc.so.6
#1  0x00007f6aed4a2895 in abort () from /lib64/libc.so.6
#2  0x0000563a7b4673b0 in lswlog_passert_suffix (buf=buf@entry=0x7ffc2dac95f0, where=...) at /home/build/libreswan/lib/libswan/lswlog_passert.c:32
#3  0x0000563a7b458c37 in lsw_passert_fail (where=..., fmt=fmt@entry=0x563a7b48d321 "%s") at /home/build/libreswan/lib/libswan/lsw_passert_fail.c:31
#4  0x0000563a7b3f43e6 in free_signal_handlers () at /home/build/libreswan/programs/pluto/server.c:624
#5  free_pluto_event_list () at /home/build/libreswan/programs/pluto/server.c:671
#6  0x0000563a7b3f0f2d in exit_pluto (status=10) at /home/build/libreswan/programs/pluto/plutomain.c:1850
#7  0x0000563a7b3b78b2 in create_lock () at /home/build/libreswan/programs/pluto/plutomain.c:272
#8  main (argc=4, argv=0x7ffc2dac9e48) at /home/build/libreswan/programs/pluto/plutomain.c:1458
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
warning: Loadable section ".note.gnu.property" outside of ELF segments
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi