/testing/guestbin/swan-prep ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# # confirm that the network is alive ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254 destination -I 192.0.1.254 192.0.2.254 is alive ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# # adding some routes to sow confusion on purpose ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route add 192.168.1.1 via 192.0.1.254 dev eth0 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route add 192.168.1.2 via 192.1.2.45 dev eth1 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route add 192.168.1.16/28 via 192.1.2.45 dev eth1 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route add 25.1.0.0/16 via 192.0.1.254 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route add 25.2.0.0/16 via 192.1.2.45 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec start Redirecting to: namespaces direct start via ipsec pluto ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# /testing/pluto/bin/wait-until-pluto-started ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec auto --add westnet-all 002 added IKEv1 connection "westnet-all" ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route list default via 192.1.2.254 dev eth1 25.1.0.0/16 via 192.0.1.254 dev eth0 25.2.0.0/16 via 192.1.2.45 dev eth1 192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 192.0.2.0/24 via 192.1.2.23 dev eth1 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 192.168.1.1 via 192.0.1.254 dev eth0 192.168.1.2 via 192.1.2.45 dev eth1 192.168.1.16/28 via 192.1.2.45 dev eth1 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# for i in `seq 1 12`; do ipsec auto --add orient$i; done 002 added IKEv1 connection "orient1" 002 added IKEv1 connection "orient2" 002 added IKEv1 connection "orient3" 002 added IKEv1 connection "orient4" 002 added IKEv1 connection "orient5" 002 added IKEv1 connection "orient6" 002 added IKEv1 connection "orient7" 002 added IKEv1 connection "orient8" 002 added IKEv1 connection "orient9" 002 added IKEv1 connection "orient10" 002 added IKEv1 connection "orient11" 002 added IKEv1 connection "orient12" ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec auto --status |grep orient |grep "eroute owner" 000 "orient1": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient10": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient11": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient12": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient2": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient3": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient4": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient5": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient6": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient7": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient8": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient9": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec whack --impair suppress-retransmits ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# echo "initdone" initdone ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec auto --up westnet-all 002 "westnet-all" #1: initiating IKEv1 Main Mode connection 002 "westnet-all" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 102 "westnet-all" #1: sent Main Mode request 002 "westnet-all" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 104 "westnet-all" #1: sent Main Mode I2 002 "westnet-all" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 106 "westnet-all" #1: sent Main Mode I3 002 "westnet-all" #1: Peer ID is ID_FQDN: '@east' 003 "westnet-all" #1: authenticated using RSA with SHA-1 004 "westnet-all" #1: IKE SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} 002 "westnet-all" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:214646a7 proposal=defaults pfsgroup=MODP2048} 002 "westnet-all" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 115 "westnet-all" #2: sent Quick Mode request 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 002 "westnet-all" #2: route-client output: Error: Peer netns reference is invalid. 004 "westnet-all" #2: IPsec SA established tunnel mode {ESP=>0x891e6284 <0x816f542d xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ping -n -c 4 -I 192.0.1.254 192.0.2.254 PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data. 64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.156 ms 64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.082 ms 64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.117 ms 64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.815 ms --- 192.0.2.254 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3093ms rtt min/avg/max/mdev = 0.082/0.292/0.815/0.302 ms ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec trafficstatus 006 #2: "westnet-all", type=ESP, add_time=1604157844, inBytes=336, outBytes=336, id='@east' ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ip route list default via 192.1.2.254 dev eth1 25.1.0.0/16 via 192.0.1.254 dev eth0 25.2.0.0/16 via 192.1.2.45 dev eth1 192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 192.0.2.0/24 via 192.1.2.23 dev eth1 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 192.168.1.1 via 192.0.1.254 dev eth0 192.168.1.2 via 192.1.2.45 dev eth1 192.168.1.16/28 via 192.1.2.45 dev eth1 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# # testing re-orienting ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec auto --replace westnet-all 002 "westnet-all": terminating SAs using this connection 002 "westnet-all" #2: deleting state (STATE_QUICK_I2) aged 3.599708s and sending notification 005 "westnet-all" #2: ESP traffic information: in=336B out=336B 002 "westnet-all" #1: deleting state (STATE_MAIN_I4) aged 3.645658s and sending notification 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 unroute-client output: Error: Peer netns reference is invalid. 002 added IKEv1 connection "westnet-all" ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec auto --status |grep westnet 000 "westnet-all": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===0.0.0.0/0; unrouted; eroute owner: #0 000 "westnet-all": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "westnet-all": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "westnet-all": our auth:rsasig, their auth:rsasig 000 "westnet-all": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "westnet-all": policy_label:unset; 000 "westnet-all": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "westnet-all": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "westnet-all": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "westnet-all": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "westnet-all": conn_prio: 24,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "westnet-all": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "westnet-all": our idtype: ID_FQDN; our id=@west; their idtype: ID_FQDN; their id=@east 000 "westnet-all": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "westnet-all": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $14; ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# echo done done ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ../../pluto/bin/ipsec-look.sh ==== cut ==== start raw xfrm state: src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket out priority 0 ptype main \ src 0.0.0.0/0 dst 0.0.0.0/0 \ socket in priority 0 ptype main \ end raw xfrm state: ==== tuc ==== west Sat Oct 31 15:24:09 UTC 2020 XFRM state: XFRM policy: XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES default via 192.1.2.254 dev eth1 25.1.0.0/16 via 192.0.1.254 dev eth0 25.2.0.0/16 via 192.1.2.45 dev eth1 192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 192.0.2.0/24 via 192.1.2.23 dev eth1 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 192.168.1.1 via 192.0.1.254 dev eth0 192.168.1.2 via 192.1.2.45 dev eth1 192.168.1.16/28 via 192.1.2.45 dev eth1 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ../../pluto/bin/xfrmcheck.sh ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# : ==== cut ==== ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec auto --status 000 using kernel interface: xfrm 000 000 interface lo UDP 127.0.0.1:4500 000 interface lo UDP 127.0.0.1:500 000 interface eth0 UDP 192.0.1.254:4500 000 interface eth0 UDP 192.0.1.254:500 000 interface eth1 UDP 192.1.2.45:4500 000 interface eth1 UDP 192.1.2.45:500 000 000 fips mode=disabled; 000 SElinux=disabled 000 seccomp=disabled 000 000 config setup options: 000 000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d 000 nssdir=/var/lib/ipsec/nss, dumpdir=/tmp, statsbin=unset 000 dnssec-rootkey-file=/var/lib/unbound/root.key, dnssec-trusted= 000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec 000 pluto_version=v4.1-88-gf1d1933837ef-main, pluto_vendorid=OE-Libreswan-v4.1-88, audit-log=yes 000 nhelpers=-1, uniqueids=yes, dnssec-enable=yes, logappend=no, logip=yes, shuntlifetime=900s, xfrmlifetime=30s 000 ddos-cookies-threshold=25000, ddos-max-halfopen=50000, ddos-mode=auto, ikev1-policy=accept 000 ikebuf=0, msg_errqueue=yes, crl-strict=no, crlcheckinterval=0, listen=, nflog-all=0 000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri= 000 ocsp-trust-name= 000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get 000 global-redirect=no, global-redirect-to= 000 secctx-attr-type=32001 000 debug: base+cpu-usage impair: suppress-retransmits:yes 000 000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500 000 virtual-private (%priv): 000 000 Kernel algorithms supported: 000 000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256 000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256 000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128 000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128 000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128 000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160 000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256 000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256 000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384 000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512 000 algorithm AH/ESP auth: name=NONE, key-length=0 000 000 IKE algorithms supported: 000 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256 000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16 000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20 000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32 000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48 000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64 000 algorithm IKE PRF: name=AES_XCBC, hashlen=16 000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536 000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048 000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072 000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096 000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144 000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192 000 algorithm IKE DH Key Exchange: name=DH19, bits=512 000 algorithm IKE DH Key Exchange: name=DH20, bits=768 000 algorithm IKE DH Key Exchange: name=DH21, bits=1056 000 algorithm IKE DH Key Exchange: name=DH31, bits=256 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 Connection list: 000 000 "orient1": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient1": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient1": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient1": our auth:secret, their auth:secret 000 "orient1": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient1": policy_label:unset; 000 "orient1": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient1": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient1": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient1": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient1": conn_prio: 32,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient1": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient1": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: %none; their id=(none) 000 "orient1": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient1": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $2; 000 "orient10": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient10": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient10": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient10": our auth:secret, their auth:secret 000 "orient10": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient10": policy_label:unset; 000 "orient10": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient10": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient10": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient10": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient10": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient10": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient10": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient10": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient10": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $11; 000 "orient11": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient11": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient11": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient11": our auth:secret, their auth:secret 000 "orient11": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient11": policy_label:unset; 000 "orient11": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient11": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient11": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient11": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient11": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient11": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient11": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient11": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient11": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $12; 000 "orient12": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient12": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient12": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient12": our auth:secret, their auth:secret 000 "orient12": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient12": policy_label:unset; 000 "orient12": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient12": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient12": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient12": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient12": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient12": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient12": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient12": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient12": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $13; 000 "orient2": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient2": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient2": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient2": our auth:secret, their auth:secret 000 "orient2": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient2": policy_label:unset; 000 "orient2": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient2": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient2": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient2": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient2": conn_prio: 32,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient2": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient2": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: %none; their id=(none) 000 "orient2": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient2": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $3; 000 "orient3": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient3": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient3": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient3": our auth:secret, their auth:secret 000 "orient3": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient3": policy_label:unset; 000 "orient3": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient3": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient3": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient3": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient3": conn_prio: 32,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient3": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient3": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: %none; their id=(none) 000 "orient3": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient3": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $4; 000 "orient4": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0 000 "orient4": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient4": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient4": our auth:secret, their auth:secret 000 "orient4": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient4": policy_label:unset; 000 "orient4": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient4": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient4": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient4": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient4": conn_prio: 32,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient4": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient4": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: %none; their id=(none) 000 "orient4": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient4": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $5; 000 "orient5": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient5": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient5": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient5": our auth:secret, their auth:secret 000 "orient5": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient5": policy_label:unset; 000 "orient5": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient5": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient5": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient5": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient5": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient5": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient5": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient5": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient5": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $6; 000 "orient6": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient6": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient6": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient6": our auth:secret, their auth:secret 000 "orient6": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient6": policy_label:unset; 000 "orient6": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient6": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient6": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient6": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient6": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient6": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient6": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient6": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient6": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $7; 000 "orient7": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient7": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient7": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient7": our auth:secret, their auth:secret 000 "orient7": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient7": policy_label:unset; 000 "orient7": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient7": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient7": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient7": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient7": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient7": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient7": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient7": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient7": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $8; 000 "orient8": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient8": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient8": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient8": our auth:secret, their auth:secret 000 "orient8": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient8": policy_label:unset; 000 "orient8": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient8": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient8": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient8": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient8": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient8": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient8": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient8": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient8": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $9; 000 "orient9": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0 000 "orient9": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "orient9": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "orient9": our auth:secret, their auth:secret 000 "orient9": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "orient9": policy_label:unset; 000 "orient9": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "orient9": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "orient9": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "orient9": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "orient9": conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "orient9": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "orient9": our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8 000 "orient9": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "orient9": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $10; 000 "westnet-all": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===0.0.0.0/0; unrouted; eroute owner: #0 000 "westnet-all": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "westnet-all": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "westnet-all": our auth:rsasig, their auth:rsasig 000 "westnet-all": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "westnet-all": policy_label:unset; 000 "westnet-all": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "westnet-all": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "westnet-all": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "westnet-all": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKE_FRAG_ALLOW+ESN_NO; 000 "westnet-all": conn_prio: 24,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "westnet-all": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "westnet-all": our idtype: ID_FQDN; our id=@west; their idtype: ID_FQDN; their id=@east 000 "westnet-all": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "westnet-all": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $14; 000 000 Total IPsec connections: loaded 13, active 0 000 000 State Information: DDoS cookies not required, Accepting new IKE connections 000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0) 000 IPsec SAs: total(0), authenticated(0), anonymous(0) 000 000 Bare Shunt list: 000 ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# : ==== tuc ==== ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ipsec whack --shutdown 002 shutting down ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# ../bin/check-for-core.sh ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi ]0;root@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02[root@west basic-pluto-02 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<