/testing/guestbin/swan-prep --x509 Preparing X.509 files ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# # ensure that clear text does not get through ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ipsec start Redirecting to: namespaces direct start via ipsec pluto ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# /testing/pluto/bin/wait-until-pluto-started ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ipsec auto --add west 002 added IKEv2 connection "west" ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# echo "initdone" initdone ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ipsec whack --impair suppress-retransmits ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ipsec auto --up west 181 "west" #1: initiating IKEv2 connection 002 "west" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 181 "west" #1: sent IKE_SA_INIT request 002 "west" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 182 "west" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA 002 "west" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' 003 "west" #1: authenticated using RSA with SHA2_512 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: route-client output: Error: Peer netns reference is invalid. 002 "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] 004 "west" #2: IPsec SA established tunnel mode {ESP=>0xa7eec9f4 <0x7aba8c91 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ping -n -c 2 -I 192.0.1.254 192.0.2.254 PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data. 64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.084 ms 64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.070 ms --- 192.0.2.254 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1033ms rtt min/avg/max/mdev = 0.070/0.077/0.084/0.007 ms ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# sleep 50 ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ping -n -c 2 -I 192.0.1.254 192.0.2.254 PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data. 64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.049 ms 64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.063 ms --- 192.0.2.254 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1020ms rtt min/avg/max/mdev = 0.049/0.056/0.063/0.007 ms ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# grep reauthentication /tmp/pluto.log "west" #1: initiate reauthentication of IKE SA ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# echo done done ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth]# ipsec whack --trafficstatus whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-20-ikesa-reauth[root@west ikev2-20-ikesa-reauth 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec whack --trafficstatus' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'ipsec status | grep "STATE_"' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<