road # TESTNAME=`basename $PWD` road # export TESTNAME road # /testing/guestbin/swan-prep --testname $TESTNAME --hostname road --x509 swan-prep running on road for test xauth-pluto-15 with userland libreswan Preparing X.509 NSS files road # hostname road.uml.freeswan.org road # netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.1.3.254 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 192.1.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 road # ipsec setup stop Redirecting to: systemctl stop ipsec.service road # pidof pluto >/dev/null && killall pluto 2> /dev/null road # rm -fr /var/run/pluto/pluto.pid road # PATH/libexec/ipsec/_stackmanager stop road # PATH/libexec/ipsec/_stackmanager start [ 00.00] AVX instructions are not detected. [ 00.00] AVX instructions are not detected. [ 00.00] registered KLIPS /proc/sys/net [ 00.00] ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0 [ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0) [ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=253 name=cbc(twofish) keyminbits=128 keymaxbits=256, found(0) [ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=252 name=cbc(serpent) keyminbits=128 keymaxbits=256, found(0) [ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=6 name=cbc(cast5) keyminbits=128 keymaxbits=128, found(0) [ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=7 name=cbc(blowfish) keyminbits=96 keymaxbits=448, found(0) [ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0) [ 00.00] road # ipsec setup start road # /testing/pluto/bin/wait-until-pluto-started road # ipsec auto --add modecfg-road-east road # echo done done road # ipsec whack --xauthname 'use3' --xauthpass 'use1pass' --name modecfg-road-east --initiate 002 "modecfg-road-east" #1: initiating Main Mode 104 "modecfg-road-east" #1: STATE_MAIN_I1: initiate 002 "modecfg-road-east" #1: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] 003 "modecfg-road-east" #1: ignoring unknown Vendor ID payload [4f454e7b5e5c527454637d70] 003 "modecfg-road-east" #1: received Vendor ID payload [Dead Peer Detection] 003 "modecfg-road-east" #1: received Vendor ID payload [XAUTH] 002 "modecfg-road-east" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 106 "modecfg-road-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2 002 "modecfg-road-east" #1: I am sending my cert 002 "modecfg-road-east" #1: I am sending a certificate request 002 "modecfg-road-east" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 108 "modecfg-road-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3 003 "modecfg-road-east" #1: received Vendor ID payload [CAN-IKEv2] 002 "modecfg-road-east" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing@libreswan.org' 002 "modecfg-road-east" #1: no crl from issuer "C=ca, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" found (strict=no) 002 "modecfg-road-east" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 004 "modecfg-road-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=oakley_3des_cbc_192 integ=sha group=MODP1536} 041 "modecfg-road-east" #1: modecfg-road-east prompt for Username: 040 "modecfg-road-east" #1: modecfg-road-east prompt for Password: 002 "modecfg-road-east" #1: XAUTH: Answering XAUTH challenge with user='use3' 002 "modecfg-road-east" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 004 "modecfg-road-east" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set 002 "modecfg-road-east" #1: XAUTH: Successfully Authenticated 002 "modecfg-road-east" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 004 "modecfg-road-east" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set 002 "modecfg-road-east" #1: modecfg: Sending IP request (MODECFG_I1) 002 "modecfg-road-east" #1: received mode cfg reply 002 "modecfg-road-east" #1: setting client address to 192.0.2.100/32 002 "modecfg-road-east" #1: setting ip source address to 192.0.2.100/32 002 "modecfg-road-east" #1: Received DNS 1.2.3.4, len=7 002 "modecfg-road-east" #1: Received DNS 5.6.7.8, len=7 002 "modecfg-road-east" #1: transition from state STATE_MODE_CFG_I1 to state STATE_MAIN_I4 004 "modecfg-road-east" #1: STATE_MAIN_I4: ISAKMP SA established 002 "modecfg-road-east" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV2_ALLOW+ModeCFGDNS1+ModeCFGWINS1 117 "modecfg-road-east" #2: STATE_QUICK_I1: initiate 002 "modecfg-road-east" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 004 "modecfg-road-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode road # ping -n -c 4 -I 192.0.2.209 192.0.2.254 bind: Cannot assign requested address road # echo done. done. road #