/testing/guestbin/swan-prep  --x509
Preparing X.509 files
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# certutil -D -n road -d sql:/etc/ipsec.d
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# cp east-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# cp policies/* /etc/ipsec.d/policies/
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# echo "192.1.2.0/24"  >> /etc/ipsec.d/policies/clear-or-private
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# echo "192.1.3.0/24"  >> /etc/ipsec.d/policies/clear-or-private
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# restorecon -R /etc/ipsec.d
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: namespaces direct start via ipsec pluto
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# ipsec whack --impair suppress-retransmits
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# # give OE policies time to load
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# # A tunnel should have established with non-zero byte counters
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# ping -n -c 4 192.1.2.23
PING 192.1.2.23 (192.1.2.23) 56(84) bytes of data.
64 bytes from 192.1.2.23: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 192.1.2.23: icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from 192.1.2.23: icmp_seq=4 ttl=64 time=0.023 ms

--- 192.1.2.23 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 60ms
rtt min/avg/max/mdev = 0.020/0.027/0.037/0.007 ms
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# # jacob two two for east?
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<../../pluto/bin/ipsec-look.sh | sed "s/\(.\)port [0-9][0-9][0-9][0-9] /\1port XXXX /g"
==== cut ====
start raw xfrm state:
src 192.1.2.23/32 dst 10.0.10.1/32 \	dir out priority 1564639 ptype main \	tmpl src 192.1.2.23 dst 192.1.2.254\		proto esp reqid 16437 mode tunnel\
src 10.0.10.1/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \	tmpl src 192.1.2.254 dst 192.1.2.23\		proto esp reqid 16437 mode tunnel\
src 10.0.10.1/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \	tmpl src 192.1.2.254 dst 192.1.2.23\		proto esp reqid 16437 mode tunnel\
src 192.1.2.253/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.2.253/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.2.253/32 \	dir out priority 1564639 ptype main \
src 192.1.3.253/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.3.253/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.3.253/32 \	dir out priority 1564639 ptype main \
src 192.1.3.254/32 dst 192.1.2.23/32 \	dir fwd priority 1564639 ptype main \
src 192.1.3.254/32 dst 192.1.2.23/32 \	dir in priority 1564639 ptype main \
src 192.1.2.23/32 dst 192.1.3.254/32 \	dir out priority 1564639 ptype main \
end raw xfrm state:
==== tuc ====
east Sat Sep 21 07:32:50 UTC 2019
XFRM state:
src 192.1.2.254 dst 192.1.2.23
	proto esp spi 0xad9363ff reqid 16437 mode tunnel
	replay-window 32 flag af-unspec
	aead rfc4106(gcm(aes)) 0xfcf7604f2bc674d9d9917f9edf9d98a37be613b253da3fd36ee1b3b4d5902f8830465971 128
	encap type espinudp sport XXXX dport XXXX addr 0.0.0.0
	anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
src 192.1.2.23 dst 192.1.2.254
	proto esp spi 0xd7ea4b77 reqid 16437 mode tunnel
	replay-window 32 flag af-unspec
	aead rfc4106(gcm(aes)) 0x3563910807b962ac0db0d6fbe9fd4d5abba7253d95654ed56033b5a801f4a5dbf9bc59d6 128
	encap type espinudp sport XXXX dport XXXX addr 0.0.0.0
	anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
XFRM policy:
src 10.0.10.1/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid 16437 mode tunnel
src 10.0.10.1/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid 16437 mode tunnel
src 192.1.2.23/32 dst 10.0.10.1/32
	dir out priority 1564639 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.254
		proto esp reqid 16437 mode tunnel
src 192.1.2.23/32 dst 192.1.2.253/32
	dir out priority 1564639 ptype main
src 192.1.2.23/32 dst 192.1.3.253/32
	dir out priority 1564639 ptype main
src 192.1.2.23/32 dst 192.1.3.254/32
	dir out priority 1564639 ptype main
src 192.1.2.253/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.2.253/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
src 192.1.3.253/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.3.253/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
src 192.1.3.254/32 dst 192.1.2.23/32
	dir fwd priority 1564639 ptype main
src 192.1.3.254/32 dst 192.1.2.23/32
	dir in priority 1564639 ptype main
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 via 192.1.2.45 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
NSS_CERTIFICATES

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Libreswan test CA for mainca - Libreswan                     CT,, 
east                                                         u,u,u
hashsha1                                                     P,,  
nic                                                          P,,  
north                                                        P,,  
west                                                         P,,  
west-ec                                                      P,,  
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# # you should see both RSA and NULL
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# grep IKEv2_AUTH_ /tmp/pluto.log
|    auth method: IKEv2_AUTH_NULL (0xd)
|    auth method: IKEv2_AUTH_RSA (0x1)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# ipsec auto --status
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<<tuc<<<<<<<<<<: ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@east certoe-07-nat-2-clients]#