/testing/guestbin/swan-prep
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# cp policies/* /etc/ipsec.d/policies/
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# echo "192.1.2.0/24" >> /etc/ipsec.d/policies/clear-or-private
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# cp ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec:
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# /testing/pluto/bin/wait-until-pluto-started
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# # give OE policies time to load
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# sleep 10
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# ping -c 4 -I 192.1.2.45 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.2.45 : 56(84) bytes of data.
64 bytes from 192.1.2.23: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.094 ms
64 bytes from 192.1.2.23: icmp_seq=3 ttl=64 time=0.094 ms
64 bytes from 192.1.2.23: icmp_seq=4 ttl=64 time=0.037 ms
--- 192.1.2.23 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 109ms
rtt min/avg/max/mdev = 0.037/0.069/0.094/0.026 ms
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# echo "initdone"
initdone
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# ping -n -c 4 10.0.10.1
PING 10.0.10.1 (10.0.10.1) 56(84) bytes of data.
--- 10.0.10.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 95ms
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'ping -n -c 4 10.0.10.1' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# ../../pluto/bin/ipsec-look.sh
==== cut ====
start raw xfrm state:
src 192.1.2.253/32 dst 192.1.2.45/32 \ dir fwd priority 1564639 ptype main \
src 192.1.2.253/32 dst 192.1.2.45/32 \ dir in priority 1564639 ptype main \
src 192.1.2.45/32 dst 192.1.2.253/32 \ dir out priority 1564639 ptype main \
src 192.1.3.253/32 dst 192.1.2.45/32 \ dir fwd priority 1564639 ptype main \
src 192.1.3.253/32 dst 192.1.2.45/32 \ dir in priority 1564639 ptype main \
src 192.1.2.45/32 dst 192.1.3.253/32 \ dir out priority 1564639 ptype main \
src 192.1.3.254/32 dst 192.1.2.45/32 \ dir fwd priority 1564639 ptype main \
src 192.1.3.254/32 dst 192.1.2.45/32 \ dir in priority 1564639 ptype main \
src 192.1.2.45/32 dst 192.1.3.254/32 \ dir out priority 1564639 ptype main \
end raw xfrm state:
==== tuc ====
west Mon Aug 26 18:32:00 UTC 2019
XFRM state:
XFRM policy:
src 192.1.2.253/32 dst 192.1.2.45/32
dir fwd priority 1564639 ptype main
src 192.1.2.253/32 dst 192.1.2.45/32
dir in priority 1564639 ptype main
src 192.1.2.45/32 dst 192.1.2.253/32
dir out priority 1564639 ptype main
src 192.1.2.45/32 dst 192.1.3.253/32
dir out priority 1564639 ptype main
src 192.1.2.45/32 dst 192.1.3.254/32
dir out priority 1564639 ptype main
src 192.1.3.253/32 dst 192.1.2.45/32
dir fwd priority 1564639 ptype main
src 192.1.3.253/32 dst 192.1.2.45/32
dir in priority 1564639 ptype main
src 192.1.3.254/32 dst 192.1.2.45/32
dir fwd priority 1564639 ptype main
src 192.1.3.254/32 dst 192.1.2.45/32
dir in priority 1564639 ptype main
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# : ==== cut ====
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# ipsec auto --status
whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# ../bin/check-for-core.sh
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566844133.486:265910): avc: denied { write } for pid=7504 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=295084539 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566844133.996:266013): avc: denied { write } for pid=8463 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=63889669 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]# : ==== end ====
�kroot@swantest:/home/build/libreswan/testing/pluto/newoe-25-cat-4�\[root@west newoe-25-cat-4]#