east:~# named east:~# dig road.uml.freeswan.org. key ; <<>> DiG VERSION<<>> road.uml.freeswan.org. key ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;road.uml.freeswan.org. IN KEY ;; ANSWER SECTION: road.uml.freeswan.org. 604800 IN KEY 16896 4 1 AQNxbOBmDqiNrUmn5q4kzBQ6I6pW/g2c8iDh3Y/KDtELBC6G0dASaaa9 5lV0cZT2kla681hVLzRF4MUCmFkH5ih514Nrwc5aptte49/70Wotqcbv AhXeBX0zbg78gUPaT7CcUEAYxHoqHubao4mmfWlSrOnpf4crE/q3J6zH +8Z3bfsTGnpThgfNCItHpH7jkHPUYDilHsk0Zfd5fxjVDbl8JbQoT3P1 KrdmpK7M1sXQhug12ocq8HlrXa3smJIq5b4T0rF+MYrThrNytNIEn53p huj6S8qmONin4usCqpUw50i2VqaBNQSY++/B57AqThFZNqt7TjqqT0CQ 7tPRELgXwRvWA04GDhqBHHWoOrLdsR0p ;; Query time: 25 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: DATE ;; MSG SIZE rcvd: SIZE east:~# ping -n -c 4 192.0.2.2 PING 192.0.2.2 (192.0.2.2): 56 data bytes 64 bytes from 192.0.2.2: icmp_seq=0 ttl=257 time=999 ms 64 bytes from 192.0.2.2: icmp_seq=1 ttl=257 time=999 ms 64 bytes from 192.0.2.2: icmp_seq=2 ttl=257 time=999 ms 64 bytes from 192.0.2.2: icmp_seq=3 ttl=257 time=999 ms --- 192.0.2.2 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms east:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION east:~# /testing/pluto/oe-road-01/policy-wait.sh east:~# ipsec auto --add private-or-clear east:~# ipsec auto --add us-private-or-clear east:~# ipsec auto --add us-private-or-clear-all east:~# ipsec whack --listen 002 listening for IKE messages 002 forgetting secrets 002 loading secrets from "/etc/ipsec.secrets" 002 loading group "/etc/ipsec.d/policies/us-private-or-clear-all" 002 loading group "/etc/ipsec.d/policies/us-private-or-clear" 002 loading group "/etc/ipsec.d/policies/private-or-clear" east:~# ipsec auto --route private-or-clear east:~# ipsec auto --route us-private-or-clear east:~# ipsec auto --route us-private-or-clear-all east:~# echo done done east:~# ipsec eroute 0 0.0.0.0/0 -> 0.0.0.0/0 => %trap 0 192.0.2.0/24 -> 0.0.0.0/0 => %trap 0 192.0.2.0/24 -> 192.0.1.0/24 => %trap 0 192.1.2.23/32 -> 192.0.1.0/24 => %trap east:~# ipsec whack --debug-dns --debug-control --debug-oppo --debug-controlmore east:~# : rekey the connection. east:~# ipsec whack --oppohere 192.0.2.2 --oppothere 192.1.3.213 002 rekeing existing instance "us-private-or-clear-all#0.0.0.0/0"[2] 192.0.2.2/32=== ...192.1.3.213, due to acquire 002 "us-private-or-clear-all#0.0.0.0/0"[2] 192.0.2.2/32=== ...192.1.3.213 #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+failurePASS 117 "us-private-or-clear-all#0.0.0.0/0"[2] 192.0.2.2/32=== ...192.1.3.213 #4: STATE_QUICK_I1: initiate 002 "us-private-or-clear-all#0.0.0.0/0"[2] 192.0.2.2/32=== ...192.1.3.213 #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 004 "us-private-or-clear-all#0.0.0.0/0"[2] 192.0.2.2/32=== ...192.1.3.213 #4: STATE_QUICK_I2: sent QI2, IPsec SA established east:~# east:~# east:~# : ==== start ==== east:~# ipsec setup stop IPSEC EVENT: KLIPS device ipsec0 shut down. ipsec_setup: Stopping Libreswan IPsec... east:~# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log klogd 1.3-3#33.1, log source = /proc/kmsg started. east:~# halt -p -f Power down.