/testing/guestbin/swan-prep --x509 Preparing X.509 files road # certutil -D -n road -d sql:/etc/ipsec.d road # certutil -D -n east -d sql:/etc/ipsec.d road # cp road-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf road # cp policies/* /etc/ipsec.d/policies/ road # echo "192.1.2.0/24" >> /etc/ipsec.d/policies/private-or-clear road # restorecon -R /etc/ipsec.d road # ipsec start Redirecting to: [initsystem] road # /testing/pluto/bin/wait-until-pluto-started road # ipsec whack --impair suppress-retransmits road # # ensure for tests acquires expire before our failureshunt=2m road # echo 30 > /proc/sys/net/core/xfrm_acq_expires road # # give OE policies time to load road # sleep 5 road # ip -s xfrm monitor > /tmp/xfrm-monitor.out & [x] PID road # echo "initdone" initdone road # # one packet, which gets eaten by XFRM, so east does not initiate road # ping -n -c 2 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. --- 192.1.2.23 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time XXXX road # # wait on OE IKE negotiation road # sleep 1 road # # should show established tunnel and no bare shunts road # ipsec whack --trafficstatus whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) road # ipsec whack --shuntstatus whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) road # ../../pluto/bin/ipsec-look.sh road NOW XFRM state: src 192.1.3.209 dst 192.1.2.23 proto esp spi 0xSPISPI reqid REQID mode transport replay-window 0 sel src 192.1.3.209/32 dst 192.1.2.23/32 proto icmp type 8 code 0 dev eth0 XFRM policy: src 192.1.2.253/32 dst 192.1.3.209/32 dir fwd priority 1564639 ptype main src 192.1.2.253/32 dst 192.1.3.209/32 dir in priority 1564639 ptype main src 192.1.3.209/32 dst 192.1.2.253/32 dir out priority 1564639 ptype main src 192.1.3.209/32 dst 192.1.3.253/32 dir out priority 1564639 ptype main src 192.1.3.209/32 dst 192.1.3.254/32 dir out priority 1564639 ptype main src 192.1.3.253/32 dst 192.1.3.209/32 dir fwd priority 1564639 ptype main src 192.1.3.253/32 dst 192.1.3.209/32 dir in priority 1564639 ptype main src 192.1.3.254/32 dst 192.1.3.209/32 dir fwd priority 1564639 ptype main src 192.1.3.254/32 dst 192.1.3.209/32 dir in priority 1564639 ptype main src 192.1.3.209/32 dst 192.1.2.0/24 dir out priority 1564647 ptype main tmpl src 0.0.0.0 dst 0.0.0.0 proto esp reqid REQID mode transport src 192.1.3.209/32 dst 192.1.2.23/32 dir out priority 1564647 ptype main XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES default via 192.1.3.254 dev eth0 192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Libreswan test CA for mainca - Libreswan CT,, east-ec P,, hashsha1 P,, nic P,, north P,, west P,, west-ec P,, road # iptables -t nat -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination road # killall ip > /dev/null 2> /dev/null road # cp /tmp/xfrm-monitor.out OUTPUT/road.xfrm-monitor.txt road # # ping should succeed through tunnel road # ping -n -c 2 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. --- 192.1.2.23 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time XXXX road # echo done done road # # A tunnel should have established with non-zero byte counters road # ipsec whack --trafficstatus whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) road # # you should see both RSA and NULL road # grep IKEv2_AUTH_ /tmp/pluto.log road # road # ../bin/check-for-core.sh CORE FOUND: /tmp/core.road.pluto.16110 [New LWP 16110] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `PATH/libexec/ipsec/pluto --config /etc/ipsec.conf'. Program terminated with signal SIGABRT, Aborted. #0 0x00007f99ab192e75 in raise () from /lib64/libc.so.6 #0 0x00007f99ab192e75 in raise () from /lib64/libc.so.6 #1 0x00007f99ab17d895 in abort () from /lib64/libc.so.6 #2 0x000055681ee6decb in lswlog_passert_suffix (buf=buf@entry=0x7ffd2ffd8e80, where=...) at /home/build/libreswan/lib/libswan/lswlog_passert.c:32 #3 0x000055681ee5f2e8 in lsw_passert_fail (where=..., fmt=fmt@entry=0x55681eebc624 "%s") at /home/build/libreswan/lib/libswan/lsw_passert_fail.c:31 #4 0x000055681edfb586 in free_signal_handlers () at /home/build/libreswan/programs/pluto/server.c:624 #5 free_pluto_event_list () at /home/build/libreswan/programs/pluto/server.c:671 #6 0x000055681edf80c9 in exit_pluto (status=10) at /home/build/libreswan/programs/pluto/plutomain.c:1850 #7 0x000055681edbe907 in create_lock () at /home/build/libreswan/programs/pluto/plutomain.c:272 #8 main (argc=, argv=) at /home/build/libreswan/programs/pluto/plutomain.c:1458 BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available. BFD: reopening /tmp/core.road.pluto.16110: No such file or directory Failed to read a valid object file image from memory. BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: generic error warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available. BFD: reopening /tmp/core.road.pluto.16110: No such file or directory warning: Couldn't read general-purpose registers from `.reg/16110' section in core file. BFD: reopening /tmp/core.road.pluto.16110: No such file or directory warning: Couldn't read floating-point registers from `.reg2/16110' section in core file. BFD: reopening /tmp/core.road.pluto.16110: No such file or directory warning: Couldn't read XSAVE extended state registers from `.reg-xstate/16110' section in core file. BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory BFD: reopening /tmp/core.road.pluto.16110: No such file or directory mv: cannot stat '/tmp/core.road.pluto.16110': No such file or directory road # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi