/testing/guestbin/swan-prep kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ip addr add 192.0.100.254/24 dev eth0:1 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ip route add 192.0.200.0/24 via 192.1.2.23 dev eth1 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# # ensure that clear text does not get through kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# iptables -A INPUT -i eth1 -s 192.0.200.0/24 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: namespaces direct start via ipsec pluto kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ipsec whack --impair suppress-retransmits kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ipsec auto --add westnet-eastnet-ikev2a 002 added connection description "westnet-eastnet-ikev2a" kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ipsec auto --add westnet-eastnet-ikev2b 002 added connection description "westnet-eastnet-ikev2b" kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# # this connections auto=start on east kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# # ipsec auto --up westnet-eastnet-ikev2a kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# # give time to establish the first connection kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# sleep 15 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ping -n -c 4 -I 192.0.1.254 192.0.2.254 PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data. 64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.077 ms 64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.065 ms 64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.044 ms 64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.055 ms --- 192.0.2.254 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 57ms rtt min/avg/max/mdev = 0.044/0.060/0.077/0.013 ms kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder]# ipsec auto --up westnet-eastnet-ikev2b whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-child-ipsec-responder\[root@west ikev2-child-ipsec-responder 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec auto --up westnet-eastnet-ikev2b' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 westrun.sh 'ping -n -c 4 -I 192.0.100.254 192.0.200.254' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec whack --trafficstatus' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<