/testing/guestbin/swan-prep west # ipsec start Redirecting to: [initsystem] west # /testing/pluto/bin/wait-until-pluto-started west # echo "initdone" initdone west # # wait for the connection to come up west # ../../pluto/bin/wait-for.sh --match westnet-eastnet-auto -- ipsec whack --trafficstatus 006 #2: "westnet-eastnet-auto", type=ESP, add_time=1234567890, inBytes=0, outBytes=0, id='@east' west # # ensure that clear text does not get through west # iptables -A INPUT -i eth1 -m policy --dir in --pol none -s 192.0.2.0/24 -j DROP west # iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT west # # We expect ping to be encrypted and work; we should see non-zero west # # traffic counters west # ../../pluto/bin/ping-once.sh --up -I 192.0.1.254 192.0.2.254 up west # ipsec whack --trafficstatus 006 #2: "westnet-eastnet-auto", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' west # # sending delete/notify should cause east to re-initiate west # ipsec auto --down westnet-eastnet-auto 002 "westnet-eastnet-auto": terminating SAs using this connection 002 "westnet-eastnet-auto" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) and sending notification 005 "westnet-eastnet-auto" #2: ESP traffic information: in=84B out=84B 002 "westnet-eastnet-auto" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) and sending notification west # # give Delete/Notify some time; traffic counters on the new IPsec SA west # # should be 0 west # ../../pluto/bin/wait-for.sh --match 'westnet-eastnet-auto.*inBytes=0' -- ipsec whack --trafficstatus 006 #4: "westnet-eastnet-auto", type=ESP, add_time=1234567890, inBytes=0, outBytes=0, id='@east' west # # A new IPsec SA should be established (older versions would be dead for 30 seconds) west # ../../pluto/bin/ping-once.sh --up -I 192.0.1.254 192.0.2.254 up west # ipsec whack --trafficstatus 006 #4: "westnet-eastnet-auto", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@east' west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi west #