--- west.console.txt 2019-08-24 18:12:56.322672198 +0000
+++ OUTPUT/west.console.txt 2019-08-26 18:28:41.959332297 +0000
@@ -14,8 +14,7 @@
  # confirm clear text does not get through
 west #
  ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
-[ 00.00] IN=eth1 OUT= MAC=12:00:00:64:64:45:12:00:00:64:64:23:08:00 SRC=192.0.2.254 DST=192.0.1.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXXX PROTO=ICMP TYPE=0 CODE=0 ID=XXXX SEQ=1
-down
+up UNEXPECTED
 west #
  ipsec start
 Redirecting to: [initsystem]
@@ -42,8 +41,6 @@
 target prot opt source destination
 Chain LOGDROP (1 references)
 target prot opt source destination
-LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
-DROP all -- 0.0.0.0/0 0.0.0.0/0
 west #
  ipsec auto --up westnet-eastnet-nflog
 002 "westnet-eastnet-nflog" #1: initiating Main Mode
@@ -70,8 +67,6 @@
 NFLOG all -- 192.0.1.0/24 192.0.2.0/24 policy match dir out pol ipsec nflog-prefix westnet-eastnet-nflog nflog-group 13
 Chain LOGDROP (1 references)
 target prot opt source destination
-LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
-DROP all -- 0.0.0.0/0 0.0.0.0/0
 west #
  ipsec auto --up west-east-nflog
 002 "west-east-nflog" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
@@ -93,8 +88,6 @@
 NFLOG all -- 192.0.1.0/24 192.0.2.0/24 policy match dir out pol ipsec nflog-prefix westnet-eastnet-nflog nflog-group 13
 Chain LOGDROP (1 references)
 target prot opt source destination
-LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
-DROP all -- 0.0.0.0/0 0.0.0.0/0
 west #
  rm -fr /tmp/nflog-50.pcap
 west #
@@ -157,8 +150,6 @@
 NFLOG all -- 192.1.2.45 192.1.2.23 policy match dir out pol ipsec nflog-prefix west-east-nflog nflog-group 50
 Chain LOGDROP (1 references)
 target prot opt source destination
-LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
-DROP all -- 0.0.0.0/0 0.0.0.0/0
 west #
  ipsec auto --down west-east-nflog
 002 "west-east-nflog": terminating SAs using this connection
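Review bot: The `+up UNEXPECTED` line in the first hunk means the cleartext ping from 192.0.1.254 to 192.0.2.254 now succeeds before any tunnel is up, so plaintext is crossing the boundary this test exists to prove is closed; treat it as a failed negative test rather than re-baselining west.console.txt to the new output. The removed kernel line `[ 00.00] IN=eth1 ... PROTO=ICMP ...` is what the LOGDROP chain's `LOG` rule used to emit, and the same diff shows that rule gone, so both changes are consistent with the blocking rules never having been installed on this run. Presumably the iptables setup that populates LOGDROP did not run or failed on this host; confirm that from the setup step's output before looking for a change in pluto. The prompt preceding the `# confirm clear text does not get through` command lies outside the hunk.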
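Review bot: In the second hunk the chain is still listed as `Chain LOGDROP (1 references)` but its `LOG` and `DROP` rules are gone, so a packet jumped to it falls straight back to the calling chain instead of being logged and dropped; with nothing else rejecting it, that is an accept in practice, which matches the ping getting through. Whether the calling chain's default policy would still drop the packet cannot be seen from this hunk, so the effective exposure should be checked against the full `iptables -L -n` output. The `ipsec auto --up` that follows is unaffected by the missing rules, which is why the IKE negotiation lines are unchanged here.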
@@ -176,21 +167,11 @@
 target prot opt source destination
 Chain LOGDROP (1 references)
 target prot opt source destination
-LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
-DROP all -- 0.0.0.0/0 0.0.0.0/0
 west #
  cp /tmp/nflog-50.pcap OUTPUT/nflog-50.pcap
 west #
  tcpdump -n -r OUTPUT/nflog-50.pcap
-reading from file OUTPUT/nflog-50.pcap, link-type NFLOG (Linux netfilter log messages)
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 1, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 1, length 64
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 2, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 2, length 64
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 1, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 1, length 64
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 2, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 2, length 64
+tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0
 west #
  echo done
 done
@@ -222,6 +203,8 @@
 west #
  ipsec stop
 Redirecting to: [initsystem]
+Shutting down pluto IKE daemon
+002 shutting down
 west #
  # show no nflog left behind
 west #
@@ -236,8 +219,6 @@
 target prot opt source destination
 Chain LOGDROP (1 references)
 target prot opt source destination
-LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
-DROP all -- 0.0.0.0/0 0.0.0.0/0
 west #
  ../bin/check-for-core.sh
 west #
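Review bot: `tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0` in the first hunk means OUTPUT/nflog-50.pcap is zero bytes — not even the pcap global header was written — so the capture on nflog group 50 never started, rather than running and seeing no traffic; the eight ICMP lines that were expected from it disappear for that reason, not because the ESP traffic stopped. The command that starts that capture is outside these hunks, so its exit status and stderr are where to look; the empty LOGDROP chain elsewhere in this diff suggests netfilter logging (LOG/NFLOG) as a whole is unavailable on the host, which is a hedged inference from the visible output. The two lines added in the second hunk, `Shutting down pluto IKE daemon` and `002 shutting down`, are an output-format change from `ipsec stop` and are the only part of this diff that looks safe to re-baseline on its own.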