/testing/guestbin/swan-prep --x509 Preparing X.509 files kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# certutil -D -n east -d sql:/etc/ipsec.d kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# cp road-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# cp policies/* /etc/ipsec.d/policies/ kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# echo "192.1.2.0/24" >> /etc/ipsec.d/policies/private-or-clear kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: namespaces direct start via ipsec pluto kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# ipsec whack --impair suppress-retransmits kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# # ensure for tests acquires expire before our failureshunt=2m kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# echo 30 > /proc/sys/net/core/xfrm_acq_expires kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# # give OE policies time to load kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# sleep 5 kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# ip -s xfrm monitor > /tmp/xfrm-monitor.out & [1] 30979 kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# # one packet, which gets eaten by XFRM, so east does not initiate kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# ping -n -c 1 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. --- 192.1.2.23 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms [1]+ Terminated ip -s xfrm monitor > /tmp/xfrm-monitor.out kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 roadrun.sh 'ping -n -c 1 -I 192.1.3.209 192.1.2.23' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 roadrun.sh '# wait on OE retransmits and rekeying' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 roadrun.sh 'ipsec whack --trafficstatus' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 roadrun.sh 'ipsec whack --shuntstatus' <<<<<<<<< /dev/null 2> /dev/null kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# cp /tmp/xfrm-monitor.out OUTPUT/road.xfrm-monitor.txt kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# # ping should succeed through tunnel kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse]# ping -n -c 2 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. --- 192.1.2.23 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 11ms kroot@swantest:/home/build/libreswan/testing/pluto/certoe-05-poc-reverse\[root@road certoe-05-poc-reverse 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 roadrun.sh 'ping -n -c 2 -I 192.1.3.209 192.1.2.23' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep "negotiated connection" /tmp/pluto.log' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh '# you should see both RSA and NULL' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep IKEv2_AUTH_ OUTPUT/*pluto.log' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<