/testing/guestbin/swan-prep
west # # confirm that the network is alive
west # ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west # # ensure that clear text does not get through
west # iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west # iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west # # confirm clear text does not get through
west # ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west # ipsec start
Redirecting to: [initsystem]
west # /testing/pluto/bin/wait-until-pluto-started
west # ipsec auto --add westnet-eastnet-ipv4-psk-ikev2
002 added IKEv2 connection "westnet-eastnet-ipv4-psk-ikev2"
west # echo "initdone"
initdone
west # # this should fail
west # ipsec auto --up westnet-eastnet-ipv4-psk-ikev2 #retransmits
1v2 "westnet-eastnet-ipv4-psk-ikev2" #1: initiating IKEv2 connection
1v2 "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_SA_INIT request
1v2 "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 0.5 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 1 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 2 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 4 seconds for response
west # # the state should have been deleted, but replaced via EVENT_SA_REPLACE with a new state trying
west # # if no STATE_s show up, this test failed
west # ipsec status |grep STATE_ || echo "test failed, all states went away"
whack: is Pluto running?
connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
test failed, all states went away
west # # only one pending CHILD SA event should show up
west # ipsec status |egrep "STATE_|pending"
whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
west # echo done
done
west # ../bin/check-for-core.sh
west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
west #