#!/bin/sh kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -t nat -F kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -F kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# # NAT kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254 kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# # make sure that we never accidentally let ESP or L2TP through. kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -N LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -A LOGDROP -j LOG kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -A LOGDROP -j DROP kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -I FORWARD 1 --proto 50 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -I FORWARD 2 --proto udp --dport 1701 -j LOGDROP kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# # Display the table, so we know it is correct. 
kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -t nat -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 192.1.3.0/24 0.0.0.0/0 to:192.1.2.254 kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination LOGDROP esp -- 0.0.0.0/0 0.0.0.0/0 LOGDROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1701 Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain LOGDROP (2 references) target prot opt source destination LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 0.0.0.0/0 0.0.0.0/0 kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# echo done done kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# : ==== end ==== kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# ../../pluto/bin/ipsec-look.sh kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# : ==== cut ==== kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02]# ipsec auto --status whack: Pluto is not running (no "/run/pluto/pluto.ctl") kroot@swantest:/home/build/libreswan/testing/pluto/l2tp-02\[root@nic l2tp-02 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep 'Result using RFC 3947' /tmp/pluto.log' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<