/testing/guestbin/swan-prep ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ../../pluto/bin/wait-until-alive 192.0.2.254 destination 192.0.2.254 is alive ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# iptables -A INPUT -i eth0 -s 192.0.2.254 -p icmp -j DROP ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ../../pluto/bin/ping-once.sh --down 192.0.2.254 ==== cut ==== ping -q -n -c 1 -i 2 -w 1 192.0.2.254 ==== tuc ==== ==== cut ==== PING 192.0.2.254 (192.0.2.254) 56(84) bytes of data. --- 192.0.2.254 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms ==== tuc ==== down ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ipsec start Redirecting to: namespaces direct start via ipsec pluto ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# /testing/pluto/bin/wait-until-pluto-started ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ip route get to 192.1.2.23 192.1.2.23 via 192.1.3.254 dev eth0 src 192.1.3.209 uid 0 cache ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# # this test need --verbose to see source address selection ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ipsec auto --add --verbose road opening file: /etc/ipsec.conf debugging mode enabled end of file /etc/ipsec.conf Loading conn road while loading conn 'road' also including 'rw-eastnet' starter: left is KH_DEFAULTROUTE Loading conn east while loading conn 'east' also including 'rw-eastnet' connection's leftaddresspool set to: 192.0.3.1-192.0.3.200 Loading conn rw-eastnet starter: left is KH_NOTSET loading named conns: road seeking_src = 1, seeking_gateway = 1, has_peer = 1 seeking_src = 0, seeking_gateway = 1, has_dst = 1 dst via 192.1.3.254 dev eth0 src table 254 set nexthop: 192.1.3.254 dst 192.1.3.0 via dev eth0 src 192.1.3.209 table 254 dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored) dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored) dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored) dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored) dst 192.1.3.0 via dev eth0 src 192.1.3.209 table 255 (ignored) dst 192.1.3.209 via dev eth0 src 192.1.3.209 table 255 (ignored) dst 192.1.3.255 via dev eth0 src 192.1.3.209 table 255 (ignored) seeking_src = 1, seeking_gateway = 0, has_peer = 1 seeking_src = 1, seeking_gateway = 0, has_dst = 1 dst 192.1.3.254 via dev eth0 src 192.1.3.209 table 254 set addr: 192.1.3.209 seeking_src = 0, seeking_gateway = 0, has_peer = 1 conn: "road" modecfgdns= conn: "road" modecfgdomains= conn: "road" modecfgbanner= conn: "road" mark= conn: "road" mark-in= conn: "road" mark-out= conn: "road" vti_iface= conn: "road" redirect-to= conn: "road" accept-redirect-to= conn: "road" esp= conn: "road" ike= 002 added IKEv2 connection "road" ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# echo "initdone" initdone ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ipsec auto --up road 181 "road"[1] 192.1.2.23 #1: initiating IKEv2 connection 181 "road"[1] 192.1.2.23 #1: sent IKE_SA_INIT request 182 "road"[1] 192.1.2.23 #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "road"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_FQDN: '@east' 003 "road"[1] 192.1.2.23 #1: authenticated using authby=secret 002 "road"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.3.1 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 002 "road"[1] 192.1.2.23 #2: negotiated connection [192.0.3.1-192.0.3.1:0-65535 0] -> [0.0.0.0-255.255.255.255:0-65535 0] 004 "road"[1] 192.1.2.23 #2: IPsec SA established tunnel mode {ESP=>0x0ea7ffef <0x4b9c8bbe xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ping6 -c 2 -w 4 192.0.2.254 ping6: 192.0.2.254: Address family for hostname not supported ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection 2]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 2 roadrun.sh 'ping6 -c 2 -w 4 192.0.2.254' <<<<<<<<< mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet 192.0.3.1/32 scope 50 lo valid_lft forever preferred_lft forever 2: ip_vti0@NONE: mtu 1480 qdisc noop state DOWN group default qlen 1000 link/ipip 0.0.0.0 brd 0.0.0.0 3: gre0@NONE: mtu 1476 qdisc noop state DOWN group default qlen 1000 link/gre 0.0.0.0 brd 0.0.0.0 4: gretap0@NONE: mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 5: erspan0@NONE: mtu 1450 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 2139: eth0@if2140: mtu 1500 qdisc noqueue state UP group default qlen 1000 Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. link/ether 12:00:00:ab:cd:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 192.1.3.209/24 scope global eth0 valid_lft forever preferred_lft forever ==== tuc ==== eth0 inet 192.1.3.209/24 lo inet 192.0.3.1/32 ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ip -6 route ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ip route get to 192.1.2.23 192.1.2.23 via 192.1.3.254 dev eth0 src 192.0.3.1 uid 0 cache ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# # ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# # addconn need a non existing --ctlsocket ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# # otherwise this add bring the connection down. ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# # ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# # see the source address selection when the tunnel is established ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ipsec auto --add --verbose --ctlsocket /run/pluto/foo road opening file: /etc/ipsec.conf debugging mode enabled end of file /etc/ipsec.conf Loading conn road while loading conn 'road' also including 'rw-eastnet' starter: left is KH_DEFAULTROUTE Loading conn east while loading conn 'east' also including 'rw-eastnet' connection's leftaddresspool set to: 192.0.3.1-192.0.3.200 Loading conn rw-eastnet starter: left is KH_NOTSET loading named conns: road seeking_src = 1, seeking_gateway = 1, has_peer = 1 seeking_src = 0, seeking_gateway = 1, has_dst = 1 dst 0.0.0.0 via 192.1.3.254 dev eth0 src 192.0.3.1 table 254 dst via 192.1.3.254 dev eth0 src table 254 set nexthop: 192.1.3.254 dst 128.0.0.0 via 192.1.3.254 dev eth0 src 192.0.3.1 table 254 dst 192.1.3.0 via dev eth0 src 192.1.3.209 table 254 dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored) dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored) dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored) dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored) dst 192.0.3.1 via dev lo src 192.0.3.1 table 255 (ignored) dst 192.1.3.0 via dev eth0 src 192.1.3.209 table 255 (ignored) dst 192.1.3.209 via dev eth0 src 192.1.3.209 table 255 (ignored) dst 192.1.3.255 via dev eth0 src 192.1.3.209 table 255 (ignored) seeking_src = 1, seeking_gateway = 0, has_peer = 1 seeking_src = 1, seeking_gateway = 0, has_dst = 1 dst 192.1.3.254 via dev eth0 src 192.1.3.209 table 254 set addr: 192.1.3.209 seeking_src = 0, seeking_gateway = 0, has_peer = 1 conn: "road" modecfgdns= conn: "road" modecfgdomains= conn: "road" modecfgbanner= conn: "road" mark= conn: "road" mark-in= conn: "road" mark-out= conn: "road" vti_iface= conn: "road" redirect-to= conn: "road" accept-redirect-to= conn: "road" esp= conn: "road" ike= connect(pluto_ctl) failed: No such file or directory ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection 255]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 255 roadrun.sh 'ipsec auto --add --verbose --ctlsocket /run/pluto/foo road' <<<<<<<<< 000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec 000 pluto_version=v4.1-88-gf1d1933837ef-main, pluto_vendorid=OE-Libreswan-v4.1-88, audit-log=yes 000 nhelpers=-1, uniqueids=yes, dnssec-enable=yes, logappend=no, logip=yes, shuntlifetime=900s, xfrmlifetime=30s 000 ddos-cookies-threshold=25000, ddos-max-halfopen=50000, ddos-mode=auto, ikev1-policy=accept 000 ikebuf=0, msg_errqueue=yes, crl-strict=no, crlcheckinterval=0, listen=, nflog-all=0 000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri= 000 ocsp-trust-name= 000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get 000 global-redirect=no, global-redirect-to= 000 secctx-attr-type=32001 000 debug: base+cpu-usage 000 000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500 000 virtual-private (%priv): 000 000 Kernel algorithms supported: 000 000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256 000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256 000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128 000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128 000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128 000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160 000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256 000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256 000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384 000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512 000 algorithm AH/ESP auth: name=NONE, key-length=0 000 000 IKE algorithms supported: 000 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256 000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16 000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20 000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32 000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48 000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64 000 algorithm IKE PRF: name=AES_XCBC, hashlen=16 000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536 000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048 000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072 000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096 000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144 000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192 000 algorithm IKE DH Key Exchange: name=DH19, bits=512 000 algorithm IKE DH Key Exchange: name=DH20, bits=768 000 algorithm IKE DH Key Exchange: name=DH21, bits=1056 000 algorithm IKE DH Key Exchange: name=DH31, bits=256 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 Connection list: 000 000 "road": 192.1.3.209[@road,+MC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===0.0.0.0/0; unrouted; eroute owner: #0 000 "road": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown; 000 "road": xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "road": our auth:secret, their auth:secret 000 "road": modecfg info: us:client, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "road": policy_label:unset; 000 "road": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "road": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "road": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "road": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+IKE_FRAG_ALLOW+ESN_NO; 000 "road": v2-auth-hash-policy: none; 000 "road": conn_prio: 32,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "road": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "road": our idtype: ID_FQDN; our id=@road; their idtype: ID_FQDN; their id=@east 000 "road": dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "road": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $1; 000 "road"[1]: 192.0.3.1/32===192.1.3.209[@road,+MC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===0.0.0.0/0; erouted; eroute owner: #2 000 "road"[1]: oriented; my_ip=192.0.3.1; their_ip=unset; my_updown=ipsec _updown; 000 "road"[1]: xauth us:none, xauth them:none, my_username=[any]; their_username=[any] 000 "road"[1]: our auth:secret, their auth:secret 000 "road"[1]: modecfg info: us:client, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset; 000 "road"[1]: policy_label:unset; 000 "road"[1]: ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; 000 "road"[1]: retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500; 000 "road"[1]: initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no; 000 "road"[1]: policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+IKE_FRAG_ALLOW+ESN_NO; 000 "road"[1]: v2-auth-hash-policy: none; 000 "road"[1]: conn_prio: 32,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none; 000 "road"[1]: nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto; 000 "road"[1]: our idtype: ID_FQDN; our id=@road; their idtype: ID_FQDN; their id=@east 000 "road"[1]: dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both 000 "road"[1]: newest ISAKMP SA: #1; newest IPsec SA: #2; conn serial: $2, instantiated from: $1; 000 "road"[1]: IKEv2 algorithm newest: AES_GCM_16_256-HMAC_SHA2_512-MODP2048 000 "road"[1]: ESP algorithm newest: AES_GCM_16_256-NONE; pfsgroup= 000 000 Total IPsec connections: loaded 2, active 1 000 000 State Information: DDoS cookies not required, Accepting new IKE connections 000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0) 000 IPsec SAs: total(1), authenticated(1), anonymous(0) 000 000 #1: "road"[1] 192.1.2.23:500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EVENT_SA_REKEY in 2604s; newest ISAKMP; idle; 000 #2: "road"[1] 192.1.2.23:500 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA established); EVENT_SA_REKEY in 28045s; newest IPSEC; eroute owner; isakmp#1; idle; 000 #2: "road"[1] 192.1.2.23 esp.ea7ffef@192.1.2.23 esp.4b9c8bbe@192.1.3.209 tun.0@192.1.2.23 tun.0@192.1.3.209 Traffic: ESPin=0B ESPout=0B! ESPmax=0B 000 000 Bare Shunt list: 000 ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan statusall ; fi ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# : ==== tuc ==== ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# ../bin/check-for-core.sh ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi ]0;root@swantest:/home/build/libreswan/testing/pluto/ikev2-70-src-address-selection[root@road ikev2-70-src-address-selection 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<