--- road.console.txt 2019-09-20 17:49:12.491184451 +0000 +++ OUTPUT/road.console.txt 2019-09-21 07:22:37.732688894 +0000 @@ -44,6 +44,10 @@ 4 packets transmitted, 4 received, 0% packet loss, time XXXX rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms road # + ipsec status | grep "STATE_" +000 #1: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23:500 STATE_PARENT_I3 (PARENT SA established); EVENT_SA_REKEY in XXs; newest ISAKMP; idle; +000 #2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23:500 STATE_V2_IPSEC_I (IPsec SA established); EVENT_SA_REKEY in XXs; newest IPSEC; eroute owner; isakmp#1; idle; +road # sleep 20 road # ping -n -c 4 -I 192.1.3.209 192.1.2.23 
@@ -80,29 +84,38 @@ 4 packets transmitted, 4 received, 0% packet loss, time XXXX rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms road # + #parent state must be #3 +road # + grep "STATE_" OUTPUT/road.console.verbose.txt +road # + ipsec status | grep "STATE_" +000 #1: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23:500 STATE_PARENT_I3 (PARENT SA established); EVENT_SA_REKEY in XXs; newest ISAKMP; idle; +000 #2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23:500 STATE_V2_IPSEC_I (IPsec SA established); EVENT_SA_REKEY in XXs; newest IPSEC; eroute owner; isakmp#1; idle; ipsec whack --trafficstatus -006 #2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=1596, outBytes=1596, id='ID_NULL' road # - ipsec whack --shuntstatus -000 Bare Shunt list: -000 + grep "STATE_" OUTPUT/road.console.verbose.txt road # + ipsec whack --shuntstatus killall ip > /dev/null 2> /dev/null +whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) +road # + whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) road # echo done +../../pluto/bin/ipsec-look.sh +road # done road # - ../../pluto/bin/ipsec-look.sh -road NOW +road Sat Sep 21 07:22:35 UTC 2019 XFRM state: src 192.1.2.23 dst 192.1.3.209 - proto esp spi 0xSPISPI reqid REQID mode tunnel + proto esp spi 0x594864d7 reqid 16433 mode tunnel replay-window 32 flag af-unspec - aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 + aead rfc4106(gcm(aes)) 0x550c2d68525eb833152d309cc2ba9bf4251a9be9a9f5aeb6b050c01f8b3c8684a53792c5 128 src 192.1.3.209 dst 192.1.2.23 - proto esp spi 0xSPISPI reqid REQID mode tunnel + proto esp spi 0x752c9eee reqid 16433 mode tunnel replay-window 32 flag af-unspec - aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 + aead rfc4106(gcm(aes)) 0xfaf79c89f983e4b2c4d348b07223ad34c03d37cd57a57f376e3c0f4d8211b473bbcbe773 128 XFRM policy: src 192.1.2.253/32 dst 192.1.3.209/32 dir fwd priority 1564639 ptype main 
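Review bot: The new XFRM state block in this hunk prints the real SPIs, the reqid and the full `aead rfc4106(gcm(aes))` key where the expected output had `0xSPISPI`, `REQID` and `0xENCAUTHKEY`, and `road NOW` has become a wall-clock date; the `REQID` placeholders in the next hunk (-131,23) are lost the same way. These are per-run test keys, but console results tend to be archived or shared, so the sanitizer should still mask them, and unmasked per-run values make every run diff against the baseline. The new side shows `../../pluto/bin/ipsec-look.sh` ahead of `road # done`, so the transcript is probably out of step with the prompts and the filter for that command no longer matches; that is inferred from the ordering, not visible in the hunk. Separately, `ipsec whack --shuntstatus` now returns `connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)` instead of `000 Bare Shunt list:`, so the shunt state of the private-or-clear connection is not checked in this run. Check the pluto log for a crash or early shutdown before accepting this output as the new baseline.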
@@ -131,23 +144,23 @@ src 192.1.2.23/32 dst 192.1.3.209/32 dir fwd priority 2088927 ptype main tmpl src 192.1.2.23 dst 192.1.3.209 - proto esp reqid REQID mode tunnel + proto esp reqid 16433 mode tunnel src 192.1.2.23/32 dst 192.1.3.209/32 dir in priority 2088927 ptype main tmpl src 192.1.2.23 dst 192.1.3.209 - proto esp reqid REQID mode tunnel + proto esp reqid 16433 mode tunnel src 192.1.3.209/32 dst 192.1.2.23/32 dir out priority 2088927 ptype main tmpl src 192.1.3.209 dst 192.1.2.23 - proto esp reqid REQID mode tunnel + proto esp reqid 16433 mode tunnel src 192.1.3.209/32 dst 192.1.2.0/24 dir out priority 2088935 ptype main tmpl src 0.0.0.0 dst 0.0.0.0 - proto esp reqid REQID mode transport + proto esp reqid 0 mode transport src 192.1.3.209/32 dst 192.1.3.0/24 dir out priority 2088935 ptype main tmpl src 0.0.0.0 dst 0.0.0.0 - proto esp reqid REQID mode transport + proto esp reqid 0 mode transport XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES @@ -158,8 +171,10 @@ Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI road # + : ==== tuc ==== road # - ../bin/check-for-core.sh + whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) road # + ../bin/check-for-core.sh if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi