/testing/guestbin/swan-prep --x509 Preparing X.509 files north # ipsec start Redirecting to: [initsystem] north # /testing/pluto/bin/wait-until-pluto-started north # ipsec whack --impair suppress-retransmits north # ipsec auto --add north 002 added IKEv2 connection "north" north # ipsec auto --up north 1v2 "north"[1] 192.1.2.23 #1: initiating IKEv2 connection 1v2 "north"[1] 192.1.2.23 #1: sent IKE_SA_INIT request 1v2 "north"[1] 192.1.2.23 #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "north"[1] 192.1.2.23 #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA 002 "north"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' 003 "north"[1] 192.1.2.23 #1: authenticated using RSA with SHA2_512 002 "north"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.2.100 002 "north"[1] 192.1.2.23 #2: negotiated connection [192.0.2.100-192.0.2.100:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0] 004 "north"[1] 192.1.2.23 #2: IPsec SA established tunnel mode {ESPinUDP=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE NATOA=none NATD=192.1.2.23:4500 DPD=passive} north # ../../pluto/bin/ping-once.sh --up -I 192.0.2.100 192.0.2.254 up north # ipsec trafficstatus 006 #2: "north"[1] 192.1.2.23, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org', lease=192.0.2.100/32 north # ../../pluto/bin/ping-once.sh --up -I 192.0.2.100 192.0.2.254 up north # ipsec trafficstatus 006 #2: "north"[1] 192.1.2.23, type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org', lease=192.0.2.100/32 north # ../../pluto/bin/ipsec-look.sh north NOW XFRM state: src 192.1.2.23 dst 192.1.3.33 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 encap type espinudp sport 4500 dport 4500 addr 0.0.0.0 src 192.1.3.33 dst 192.1.2.23 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 encap type espinudp sport 4500 dport 4500 addr 0.0.0.0 XFRM policy: src 0.0.0.0/0 dst 192.0.2.100/32 dir fwd priority 2080767 ptype main tmpl src 192.1.2.23 dst 192.1.3.33 proto esp reqid REQID mode tunnel src 0.0.0.0/0 dst 192.0.2.100/32 dir in priority 2080767 ptype main tmpl src 192.1.2.23 dst 192.1.3.33 proto esp reqid REQID mode tunnel src 192.0.2.100/32 dst 0.0.0.0/0 dir out priority 2080767 ptype main tmpl src 192.1.3.33 dst 192.1.2.23 proto esp reqid REQID mode tunnel XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES 0.0.0.0/1 via 192.1.3.254 dev eth1 src 192.0.2.100 default via 192.1.3.254 dev eth1 128.0.0.0/1 via 192.1.3.254 dev eth1 src 192.0.2.100 192.0.3.0/24 dev eth0 proto kernel scope link src 192.0.3.254 192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.33 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Libreswan test CA for mainca - Libreswan CT,, east P,, east-ec P,, hashsha1 P,, nic P,, north u,u,u road P,, west P,, west-ec P,, north # ../bin/check-for-core.sh north # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi