/testing/guestbin/swan-prep --x509
Preparing X.509 files
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # add default route over "other" interface. road has only one so we fake one
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip route del default
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip tuntap add mode tun tun0
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ifconfig tun0 10.11.12.13/24
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip route add default via 10.11.12.14
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip route add 192.1.2.0/24 via 192.1.3.254
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# certutil -D -n east -d sql:/etc/ipsec.d
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# cp road-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# cp policies/* /etc/ipsec.d/policies/
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # specific /32 to test replacement of /32 oppo-instance with oppo-group
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# echo "192.1.2.23/32"  >> /etc/ipsec.d/policies/private-or-clear
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# restorecon -R /etc/ipsec.d
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: namespaces direct start via ipsec pluto
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec whack --impair suppress-retransmits
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # give OE policies time to load
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip -s xfrm monitor > /tmp/xfrm-monitor.out &
[1] 5185
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ping -n -c 5 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.

--- 192.1.2.23 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 130ms

[1]+  Terminated              ip -s xfrm monitor > /tmp/xfrm-monitor.out
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 3-road-run.sh 'ping -n -c 5 -I 192.1.3.209 192.1.2.23' <<<<<<<<<<tuc<<<<<<<<<<# wait on OE retransmits and rekeying
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 3-road-run.sh '# wait on OE retransmits and rekeying' <<<<<<<<<<tuc<<<<<<<<<<sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # should show established tunnel and no bare shunts
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec whack --trafficstatus
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec whack --shuntstatus
000 Bare Shunt list:
000  
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # ping should succeed through tunnel
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ping -n -c 2 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.

--- 192.1.2.23 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 58ms

kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 3-road-run.sh 'ping -n -c 2 -I 192.1.3.209 192.1.2.23' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# echo "waiting on east to send delete for this IPsec SA"
waiting on east to send delete for this IPsec SA
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # confirm received delete was processed - should show no tunnel
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 5-road-redo.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<# let the old acquire expire so it won't interfere with our new trigger
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 5-road-redo.sh '# let the old acquire expire so it won't interfere with our new trigger' <<<<<<<<<<tuc<<<<<<<<<<sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # try triggering again, ondemand policy should re-trigger OE
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip xfrm state
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip xfrm pol
src 192.1.3.209/32 dst 192.1.2.23/32 
	dir out priority 1564639 ptype main 
src 192.1.2.253/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.2.253/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.2.253/32 
	dir out priority 1564639 ptype main 
src 192.1.3.253/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.3.253/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.3.253/32 
	dir out priority 1564639 ptype main 
src 192.1.3.254/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.3.254/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.3.254/32 
	dir out priority 1564639 ptype main 
src 192.1.2.254/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.2.254/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.2.254/32 
	dir out priority 1564639 ptype main 
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ping -n -c 1 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.

--- 192.1.2.23 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 5-road-redo.sh 'ping -n -c 1 -I 192.1.3.209 192.1.2.23' <<<<<<<<<<tuc<<<<<<<<<<# wait on OE to re-establish IPsec SA
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 5-road-redo.sh '# wait on OE to re-establish IPsec SA' <<<<<<<<<<tuc<<<<<<<<<<sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip xfrm state
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ip xfrm pol
src 192.1.3.209/32 dst 192.1.2.23/32 
	dir out priority 1564639 ptype main 
src 192.1.2.253/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.2.253/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.2.253/32 
	dir out priority 1564639 ptype main 
src 192.1.3.253/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.3.253/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.3.253/32 
	dir out priority 1564639 ptype main 
src 192.1.3.254/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.3.254/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.3.254/32 
	dir out priority 1564639 ptype main 
src 192.1.2.254/32 dst 10.11.12.13/32 
	dir fwd priority 1564639 ptype main 
src 192.1.2.254/32 dst 10.11.12.13/32 
	dir in priority 1564639 ptype main 
src 10.11.12.13/32 dst 192.1.2.254/32 
	dir out priority 1564639 ptype main 
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# # should show established tunnel and no bare shunts
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 5-road-redo.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --shuntstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 5-road-redo.sh 'ipsec whack --shuntstatus' <<<<<<<<<<tuc<<<<<<<<<<# ping should succeed through tunnel
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 5-road-redo.sh '# ping should succeed through tunnel' <<<<<<<<<<tuc<<<<<<<<<<ping -n -c 2 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.

--- 192.1.2.23 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 61ms

kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 5-road-redo.sh 'ping -n -c 2 -I 192.1.3.209 192.1.2.23' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 5-road-redo.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<# both ends should show a tunnel
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 6-road-east-final.sh '# both ends should show a tunnel' <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 6-road-east-final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<: ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ipsec auto --status
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 6-road-east-final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 6-road-east-final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<<tuc<<<<<<<<<<: ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/certoe-14-poc-del-slash32\[root@road certoe-14-poc-del-slash32]#