/testing/guestbin/swan-prep
road #
 ipsec setup start
[ 00.00] registered KLIPS /proc/sys/net
[ 00.00] ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=253 name=cbc(twofish) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=252 name=cbc(serpent) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=6 name=cbc(cast5) keyminbits=128 keymaxbits=128, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0)
[ 00.00] KLIPS: lookup for ciphername=cipher_null: not found
[ 00.00] 
Redirecting to: systemctl start ipsec.service
[ 00.00] 
road #
 /testing/pluto/bin/wait-until-pluto-started
road #
 ipsec auto --add xauth-road-eastnet-psk
road #
 echo "initdone"
initdone
road #
 ipsec auto --add xauth-road-eastnet-psk
road #
 ipsec whack --xauthname 'use2' --xauthpass 'use1pass' --name xauth-road-eastnet-psk --initiate
003 "xauth-road-eastnet-psk" #1: multiple DH groups were set in aggressive mode. Only first one used.
003 "xauth-road-eastnet-psk" #1: transform (OAKLEY_3DES_CBC,OAKLEY_SHA1,OAKLEY_GROUP_MODP1024 keylen 0) ignored.
002 "xauth-road-eastnet-psk" #1: initiating Aggressive Mode #1, connection "xauth-road-eastnet-psk"
003 "xauth-road-eastnet-psk" #1: multiple DH groups were set in aggressive mode. Only first one used.
003 "xauth-road-eastnet-psk" #1: transform (OAKLEY_3DES_CBC,OAKLEY_SHA1,OAKLEY_GROUP_MODP1024 keylen 0) ignored.
112 "xauth-road-eastnet-psk" #1: STATE_AGGR_I1: initiate
003 "xauth-road-eastnet-psk" #1: received Vendor ID payload [Dead Peer Detection]
003 "xauth-road-eastnet-psk" #1: received Vendor ID payload [RFC 3947]
002 "xauth-road-eastnet-psk" #1: Aggressive mode peer ID is ID_USER_FQDN: '@east'
003 "xauth-road-eastnet-psk" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
004 "xauth-road-eastnet-psk" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=PRESHARED_KEY cipher=oakley_3des_cbc_192 integ=sha group=MODP1536}
002 "xauth-road-eastnet-psk" #1: Dead Peer Detection (RFC 3706): enabled
041 "xauth-road-eastnet-psk" #1: xauth-road-eastnet-psk prompt for Username:
040 "xauth-road-eastnet-psk" #1: xauth-road-eastnet-psk prompt for Password:
002 "xauth-road-eastnet-psk" #1: XAUTH: Answering XAUTH challenge with user='use2'
004 "xauth-road-eastnet-psk" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "xauth-road-eastnet-psk" #1: Dead Peer Detection (RFC 3706): enabled
003 "xauth-road-eastnet-psk" #1: XAUTH: Successfully Authenticated
004 "xauth-road-eastnet-psk" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "xauth-road-eastnet-psk" #1: Dead Peer Detection (RFC 3706): enabled
002 "xauth-road-eastnet-psk" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
117 "xauth-road-eastnet-psk" #2: STATE_QUICK_I1: initiate
002 "xauth-road-eastnet-psk" #2: Dead Peer Detection (RFC 3706): enabled
004 "xauth-road-eastnet-psk" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=active XAUTHuser=use2}
road #
 # let a few DPD probes happen
road #
 sleep 10
road #
 ipsec auto --up xauth-road-eastnet-psk
117 "xauth-road-eastnet-psk" #3: STATE_QUICK_I1: initiate
004 "xauth-road-eastnet-psk" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=active XAUTHuser=use2}
road #
 sleep 10
road #
 echo done
done
road #
 ipsec look
road NOW
192.1.3.209/32     -> 192.0.2.0/24       => tun0xIPIP@192.1.2.23 esp0xESPSPI@192.1.2.23
ipsec0->eth0 mtu=16260(9999)->1500
tun0xTUN#@192.1.2.23 IPIP: dir=out src=192.1.3.209 jiffies=0123456789 natencap=none natsport=0 natdport=0   refhim=0
esp0xSPISPI@192.1.2.23 ESP_AES_HMAC_SHA1: dir=out src=192.1.3.209 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=64 alen=160 aklen=160 eklen=128 jiffies=0123456789 natencap=none natsport=0 natdport=0   refhim=0
esp0xSPISPI@192.1.3.209 ESP_AES_HMAC_SHA1: dir=in  src=192.1.2.23 iv_bits=128bits iv=0xIVISFORRANDOM000IVISFORRANDOM000 ooowin=64 alen=160 aklen=160 eklen=128 jiffies=0123456789 natencap=none natsport=0 natdport=0   refhim=5
tun0xTUN#@192.1.3.209 IPIP: dir=in  src=192.1.2.23 policy=192.0.2.0/24->192.1.3.209/32 flags=0x8<> jiffies=0123456789 natencap=none natsport=0 natdport=0   refhim=5
ROUTING TABLES
default via 192.1.3.254 dev eth0 
169.254.0.0/16 dev eth0  scope link  metric 1002 
192.0.2.0/24 dev ipsec0  scope link 
192.1.3.0/24 dev eth0  proto kernel  scope link  src 192.1.3.209 
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
road #
road #
 if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv /tmp/core* OUTPUT/; fi
road #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

