/testing/guestbin/swan-prep --x509 Preparing X.509 files kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# certutil -D -n road -d sql:/etc/ipsec.d kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# certutil -D -n east -d sql:/etc/ipsec.d kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# cp road-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# cp policies/* /etc/ipsec.d/policies/ kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# echo "192.1.2.0/24" >> /etc/ipsec.d/policies/private-or-clear kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# restorecon -R /etc/ipsec.d kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: namespaces direct start via ipsec pluto kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# ipsec whack --impair suppress-retransmits kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# # ensure for tests acquires expire before our failureshunt=2m kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# echo 30 > /proc/sys/net/core/xfrm_acq_expires kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# # give OE policies time to load kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# sleep 5 kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# ip -s xfrm monitor > /tmp/xfrm-monitor.out & [1] 13160 kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# # one packet, which gets eaten by XFRM, so east does not initiate kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# ping -n -c 1 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. --- 192.1.2.23 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms [1]+ Terminated ip -s xfrm monitor > /tmp/xfrm-monitor.out kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 roadrun.sh 'ping -n -c 1 -I 192.1.3.209 192.1.2.23' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 roadrun.sh '# wait on OE IKE negotiation' <<<<<<<<< /dev/null 2> /dev/null kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# cp /tmp/xfrm-monitor.out OUTPUT/road.xfrm-monitor.txt kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# # ping should succeed through tunnel kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients]# ping -n -c 2 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. --- 192.1.2.23 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 61ms kroot@swantest:/home/build/libreswan/testing/pluto/certoe-07-nat-2-clients\[root@road certoe-07-nat-2-clients 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 roadrun.sh 'ping -n -c 2 -I 192.1.3.209 192.1.2.23' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'ping -n -c 4 192.1.2.23' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh '# jacob two two for east?' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep IKEv2_AUTH_ /tmp/pluto.log' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<