/testing/guestbin/swan-prep
west #
 # confirm that the network is alive
west #
 ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec auto --add westnet-eastnet-ipv4-psk-ikev2
002 added IKEv2 connection "westnet-eastnet-ipv4-psk-ikev2"
west #
 echo "initdone"
initdone
west #
 # this should fail
west #
 ipsec auto --up westnet-eastnet-ipv4-psk-ikev2 #retransmits
1v2 "westnet-eastnet-ipv4-psk-ikev2" #1: initiating IKEv2 connection
1v2 "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_SA_INIT request
1v2 "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 0.5 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 1 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 2 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 4 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 8 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 16 seconds for response
010 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: retransmission; will wait 32 seconds for response
031 "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: 60 second timeout exceeded after 7 retransmits.  Possible authentication failure: no acceptable response to our first encrypted message
000 "westnet-eastnet-ipv4-psk-ikev2" #2: starting keying attempt 2 of an unlimited number, but releasing whack
west #
 # the state should have been deleted, but replaced via EVENT_SA_REPLACE with a new state trying
west #
 # if no STATE_s show up, this test failed
west #
 ipsec status |grep STATE_  || echo "test failed, all states went away"
000 #3: "westnet-eastnet-ipv4-psk-ikev2":500 STATE_PARENT_I2 (sent IKE_AUTH request); EVENT_SA_REPLACE in XXs; idle;
000 #4: "westnet-eastnet-ipv4-psk-ikev2":500 STATE_PARENT_I2 (sent IKE_AUTH request); EVENT_RETRANSMIT in XXs; idle;
west #
 # only one pending CHILD SA event should show up
west #
 ipsec status |egrep "STATE_|pending"
000 #3: "westnet-eastnet-ipv4-psk-ikev2":500 STATE_PARENT_I2 (sent IKE_AUTH request); EVENT_SA_REPLACE in XXs; idle;
000 #3: pending CHILD SA for "westnet-eastnet-ipv4-psk-ikev2"
000 #4: "westnet-eastnet-ipv4-psk-ikev2":500 STATE_PARENT_I2 (sent IKE_AUTH request); EVENT_RETRANSMIT in XXs; idle;
west #
 echo done
done
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
west #