/testing/guestbin/swan-prep
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# cp road-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# cp policies/* /etc/ipsec.d/policies/
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# echo "192.1.2.0/24"  >> /etc/ipsec.d/policies/private-or-clear
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: namespaces direct start via ipsec pluto
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec whack --impair suppress-retransmits
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# # ensure for tests acquires expire before our failureshunt=2m
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# echo 30 > /proc/sys/net/core/xfrm_acq_expires
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# # give OE policies time to load
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# sleep 5
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# #secret sauce whack vs packet triggred.
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec whack --oppohere 192.1.3.209 --oppothere 192.1.2.23 --keyid 192.1.2.23 --pubkeyrsa 0sAQO9bJbr33iJs+13DaF/e+UWwsnkfZIKkJ1VQ7RiEwOFeuAme1QfygmTz/8lyQJMeMqU5T6s0fmo5bt/zCCE4CHJ8A3FRLrzSGRhWPYPYw3SZx5Zi+zzUDlx+znaEWS2Ys1f040uwVDtnG4iDDmnzmK1r4qADy5MBVyCx40pAi67I1/b8p61feIgcBpj845drEfwXCZOsdBCYFJKsHclzuCYK0P0x1kaZAGD6k7jGiqSuFWrY91LcEcp3Om0YL9DTViPZHOVcKw1ibLCnNRiwF9WX60b5d1Jk2r1I4Lt1OfV8VXyLaImpjZTL5T7mSJcR8xtgDCIljgM9fLtN9AJ1QePae+pmc5NGneeOcQ488VRUUjv
002 initiate on demand from 192.1.3.209:0 to 192.1.2.23:0 proto=0 because: whack
181 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: initiate
002 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23: constructed local IKE proposals for private-or-clear#192.1.2.0/24 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
002 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
002 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23: constructed local ESP/AH proposals for private-or-clear#192.1.2.0/24 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
002 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
003 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: Authenticated using RSA
002 "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: negotiated connection [192.1.3.209-192.1.3.209:0-65535 0] -> [192.1.2.23-192.1.2.23:0-65535 0]
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# # wait on OE retransmits
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# sleep 2
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# # should show established tunnel and no bare shunts
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec whack --trafficstatus
006 #2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=0, inBytes=0, outBytes=0, id='192.1.2.23'
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec whack --shuntstatus
000 Bare Shunt list:
000  
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# # ping should succeed through tunnel
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ping -n -c 2 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.
64 bytes from 192.1.2.23: icmp_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.090 ms

--- 192.1.2.23 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 33ms
rtt min/avg/max/mdev = 0.090/0.098/0.106/0.008 ms
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 roadrun.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<echo done
done
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<<tuc<<<<<<<<<<# A tunnel should have established
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh '# A tunnel should have established' <<<<<<<<<<tuc<<<<<<<<<<grep "negotiated connection" /tmp/pluto.log
"private-or-clear#192.1.2.0/24"[1] ...192.1.2.23 #2: negotiated connection [192.1.3.209-192.1.3.209:0-65535 0] -> [192.1.2.23-192.1.2.23:0-65535 0]
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# # you should see both RSA and NULL
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# grep IKEv2_AUTH_ /tmp/pluto.log
|    auth method: IKEv2_AUTH_NULL (0xd)
|    auth method: IKEv2_AUTH_RSA (0x1)
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ipsec auto --status
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<<tuc<<<<<<<<<<: ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<<tuc<<<<<<<<<<: ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/rawrsaoe-asymmetric-01\[root@road rawrsaoe-asymmetric-01]#