road #
 TESTNAME=`basename $PWD`
road #
 export TESTNAME
road #
 /testing/guestbin/swan-prep --testname $TESTNAME --hostname road --x509
swan-prep running on road for test xauth-pluto-15 with userland libreswan
Preparing X.509 NSS files
road #
 hostname road.uml.freeswan.org
road #
 netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.1.3.254     0.0.0.0         UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.1.3.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
road #
 ipsec setup stop
Redirecting to: systemctl stop ipsec.service
road #
 pidof pluto >/dev/null && killall pluto 2> /dev/null
road #
 rm -fr /var/run/pluto/pluto.pid
road #
 /usr/local/libexec/ipsec/_stackmanager stop
road #
 /usr/local/libexec/ipsec/_stackmanager start
[ 00.00] AVX instructions are not detected.
[ 00.00] AVX instructions are not detected.
[ 00.00] NET: Registered protocol family 15
[ 00.00] registered KLIPS /proc/sys/net
[ 00.00] ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=253 name=cbc(twofish) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=252 name=cbc(serpent) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=6 name=cbc(cast5) keyminbits=128 keymaxbits=128, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=7 name=cbc(blowfish) keyminbits=96 keymaxbits=448, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0)
[ 00.00] 
road #
 /usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf
road #
 /testing/pluto/bin/wait-until-pluto-started
road #
 ipsec auto --add modecfg-road-east
road #
 echo done
done
road #
 ipsec whack --xauthname 'use3' --xauthpass 'use1pass' --name modecfg-road-east --initiate
002 "modecfg-road-east" #1: initiating Main Mode
104 "modecfg-road-east" #1: STATE_MAIN_I1: initiate
002 "modecfg-road-east" #1: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
003 "modecfg-road-east" #1: ignoring unknown Vendor ID payload [4f454e7b5e5c527454637d70]
003 "modecfg-road-east" #1: received Vendor ID payload [Dead Peer Detection]
003 "modecfg-road-east" #1: received Vendor ID payload [XAUTH]
002 "modecfg-road-east" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "modecfg-road-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "modecfg-road-east" #1: I am sending my cert
002 "modecfg-road-east" #1: I am sending a certificate request
002 "modecfg-road-east" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "modecfg-road-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "modecfg-road-east" #1: received Vendor ID payload [CAN-IKEv2]
002 "modecfg-road-east" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing@libreswan.org'
002 "modecfg-road-east" #1: no crl from issuer "C=ca, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" found (strict=no)
002 "modecfg-road-east" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "modecfg-road-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
041 "modecfg-road-east" #1: modecfg-road-east prompt for Username:
040 "modecfg-road-east" #1: modecfg-road-east prompt for Password:
002 "modecfg-road-east" #1: XAUTH: Answering XAUTH challenge with user='use3'
002 "modecfg-road-east" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "modecfg-road-east" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "modecfg-road-east" #1: XAUTH: Successfully Authenticated
002 "modecfg-road-east" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "modecfg-road-east" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "modecfg-road-east" #1: modecfg: Sending IP request (MODECFG_I1)
002 "modecfg-road-east" #1: received mode cfg reply
002 "modecfg-road-east" #1: setting client address to 192.0.2.100/32
002 "modecfg-road-east" #1: setting ip source address to 192.0.2.100/32
002 "modecfg-road-east" #1: Received DNS 1.2.3.4, len=7
002 "modecfg-road-east" #1: Received DNS 5.6.7.8, len=7
002 "modecfg-road-east" #1: transition from state STATE_MODE_CFG_I1 to state STATE_MAIN_I4
004 "modecfg-road-east" #1: STATE_MAIN_I4: ISAKMP SA established
002 "modecfg-road-east" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFGPULL+IKEv2ALLOW+ModeCFGDNS1+ModeCFGWINS1
117 "modecfg-road-east" #2: STATE_QUICK_I1: initiate
002 "modecfg-road-east" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "modecfg-road-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
road #
 ping -n -c 4 -I 192.0.2.209 192.0.2.254
bind: Cannot assign requested address
road #
 echo done.
done.
road #

