road:~# TESTNAME=nat-transport-03 road:~# source /testing/pluto/bin/roadlocal.sh road:~# iptables -F INPUT road:~# iptables -F OUTPUT road:~# ping -n -c 4 192.0.2.254 PING 192.0.2.254 (192.0.2.254): 56 data bytes 64 bytes from 192.0.2.254: icmp_seq=0 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=1 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=2 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=3 ttl=257 time=999 ms --- 192.0.2.254 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms road:~# iptables -A INPUT -i eth0 -s 192.1.2.23 -p tcp --sport 3 -j REJECT road:~# iptables -A OUTPUT -o eth0 -d 192.1.2.23 -p tcp --dport 3 -j REJECT road:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION road:~# ipsec auto --add road--east-port3 road:~# ipsec auto --add road--east-pass road:~# ipsec whack --debug-control --debug-controlmore --debug-parsing --debug-crypt road:~# /testing/pluto/bin/wait-until-pluto-started road:~# echo done done road:~# ipsec auto --route road--east-pass road:~# ipsec auto --up road--east-port3 104 "road--east-port3" #1: STATE_MAIN_I1: initiate 003 "road--east-port3" #1: received Vendor ID payload [Libreswan 003 "road--east-port3" #1: received Vendor ID payload [Dead Peer Detection] 003 "road--east-port3" #1: received Vendor ID payload [RFC 3947] method set to=109 106 "road--east-port3" #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "road--east-port3" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed 108 "road--east-port3" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "road--east-port3" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} 117 "road--east-port3" #2: STATE_QUICK_I1: initiate 004 "road--east-port3" #2: STATE_QUICK_I2: sent QI2, IPsec SA established road:~# telnet east-out 2 | wc -l Connection closed by foreign host. 834 road:~# telnet east-out 3 | wc -l Connection closed by foreign host. 30 road:~# echo done done road:~# road:~# road:~# if [ -f /tmp/core ]; then echo CORE FOUND; mv /tmp/core /var/tmp; fi road:~#