/testing/guestbin/swan-prep ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # confirm that the network is alive ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254 destination -I 192.0.1.254 192.0.2.254 is alive ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # ensure that clear text does not get through ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # confirm clear text does not get through ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254 ==== cut ==== ping -q -n -c 1 -i 2 -w 1 -I 192.0.1.254 192.0.2.254 ==== tuc ==== ==== cut ==== PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data. --- 192.0.2.254 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms ==== tuc ==== down ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ipsec start Redirecting to: namespaces direct start via ipsec pluto ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# /testing/pluto/bin/wait-until-pluto-started ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ipsec auto --add westnet-eastnet-ipv4-psk-ikev2 002 added IKEv2 connection "westnet-eastnet-ipv4-psk-ikev2" ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# echo "initdone" initdone ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # this should fail ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ipsec auto --up westnet-eastnet-ipv4-psk-ikev2 #retransmits 181 "westnet-eastnet-ipv4-psk-ikev2" #1: initiating IKEv2 connection 181 "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_SA_INIT request 182 "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 0.5 seconds for response 010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 1 seconds for response 010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 2 seconds for response 010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 4 seconds for response ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # the state should have been deleted, but replaced via EVENT_SA_REPLACE with a new state trying ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # if no STATE_s show up, this test failed ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ipsec status |grep STATE_ || echo "test failed, all states went away" whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) test failed, all states went away ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# # only one pending CHILD SA event should show up ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries]# ipsec status |egrep "STATE_|pending" whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-26-keyingtries[root@west ikev2-26-keyingtries 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 westrun.sh 'ipsec status |egrep "STATE_|pending"' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<