Starting UML PATH/start.sh
spawn PATH single
Linux version XXXX
On node 0 totalpages: 8192
Kernel command line:
Calibrating delay loop... XXXX bogomips
Dentry-cache hash table entries: NUMBERS
Inode-cache hash table entries: NUMBERS
Mount-cache hash table entries: NUMBERS
Buffer-cache hash table entries: NUMBERS
Page-cache hash table entries: NUMEBRS
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Diskquotas version dquot_6.4.0 initialized
devfs: VERSION Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options Q
pty: 256 Unix98 ptys configured
SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
loop: loaded (max 8 devices)
PPP generic driver version VERSION
Universal TUN/TAP device driver VERSION

NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
IPv4 over IPv4 tunneling driver
GRE over IPv4 tunneling driver
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Mounted devfs on /dev
INIT: version 2.78 booting
Activating swap...
Calculating module dependancies
done.
Loading modules: LIST

Checking all file systems...
Parallelizing fsck version 1.18 (11-Nov-1999)
Setting kernel variables.
Mounting local filesystems...
/dev/shm on /tmp type tmpfs (rw)
/dev/shm on /var/run type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0622)
none on /usr/share type hostfs (ro)
Enabling packet forwarding: done.
Configuring network interfaces: done.
Cleaning: /tmp /var/lock /var/run.
Initializing random number generator... done.
Recovering nvi editor sessions... done.
Give root password for maintenance
(or type Control-D for normal startup): 
east:~#
 klogd -c 4 -x -f /tmp/klog.log
east:~#
 set +o emacs
east:~#
 ICP=/testing/scripts/ipsec.conf.pairs
east:~#
 export PATH="$ICP/bin:$PATH"
east:~#
 cd $ICP
east:/testing/scripts/ipsec.conf.pairs# ipsec setup start
ipsec_setup: Starting FreeS/WAN IPsec VERSION
east:/testing/scripts/ipsec.conf.pairs# cat /var/run/pluto/ipsec.info
defaultroutephys=eth1
defaultroutevirt=ipsec0
defaultrouteaddr=192.1.2.23
defaultroutenexthop=192.1.2.254
east:/testing/scripts/ipsec.conf.pairs# ( cd oe-behind ; drill ; differ+ ; cd .. ; )
++ ipsec setup --config v2 --showonly start
++ ipsec setup --config v2 --showonly stop
++ ipsec _confread --config v2 --search auto route
++ auto v2 ignore ignore -
++ ipsec _confread --config v2 --varprefix YYZ --search auto ignore
++ . /tmp/list.ignore.v2
+++ YYZ_confreadnames=
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' X- '!=' X- -a -z '' -a -n '' ']'
++ auto v2 manual manual -
++ ipsec _confread --config v2 --varprefix YYZ --search auto manual
++ . /tmp/list.manual.v2
+++ YYZ_confreadnames=
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' X- '!=' X- -a -z '' -a -n '' ']'
++ auto v2 add 'add route start' add
++ ipsec _confread --config v2 --varprefix YYZ --search auto add route start
++ . /tmp/list.add.v2
+++ YYZ_confreadnames=packetdefault block clear-or-private clear private-or-clear-behind private-or-clear private
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' Xadd '!=' X- -a -z '' -a -n 'packetdefault block clear-or-private clear private-or-clear-behind private-or-clear private' ']'
++ ipsec auto --showonly --config v2 --add packetdefault
++ ipsec auto --showonly --config v2 --add block
++ ipsec auto --showonly --config v2 --add clear-or-private
++ ipsec auto --showonly --config v2 --add clear
++ ipsec auto --showonly --config v2 --add private-or-clear-behind
++ ipsec auto --showonly --config v2 --add private-or-clear
++ ipsec auto --showonly --config v2 --add private
++ auto v2 route 'route start' route
++ ipsec _confread --config v2 --varprefix YYZ --search auto route start
++ . /tmp/list.route.v2
+++ YYZ_confreadnames=packetdefault block clear-or-private clear private-or-clear-behind private-or-clear private
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' Xroute '!=' X- -a -z '' -a -n 'packetdefault block clear-or-private clear private-or-clear-behind private-or-clear private' ']'
++ ipsec auto --showonly --config v2 --route packetdefault
++ ipsec auto --showonly --config v2 --route block
++ ipsec auto --showonly --config v2 --route clear-or-private
++ ipsec auto --showonly --config v2 --route clear
++ ipsec auto --showonly --config v2 --route private-or-clear-behind
++ ipsec auto --showonly --config v2 --route private-or-clear
++ ipsec auto --showonly --config v2 --route private
++ auto v2 start start up
++ ipsec _confread --config v2 --varprefix YYZ --search auto start
++ . /tmp/list.start.v2
+++ YYZ_confreadnames=
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' Xup '!=' X- -a -z '' -a -n '' ']'
diff -u auto.add.v1 /tmp/auto.add.v2
@@ -1,16 +1,56 @@
 PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
 export PATH
-ipsec whack --name OEnet --encrypt --tunnel --pfs --ikelifetime "3600" --rsasig \
-	--host "192.1.2.45" --client "192.0.2.0/24" --nexthop "192.1.2.254" --updown "ipsec _updown"  --dnskeyondemand \
+ipsec whack --name packetdefault --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45" --client "0.0.0.0/0" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
 	--to --host "%opportunistic"  --nexthop "%direct" --updown "ipsec _updown"   \
 	--ipseclifetime "3600" --rekeymargin "540" \
 	--keyingtries "3"  --dontrekey  \
 	|| exit $?
 PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
 export PATH
-ipsec whack --name OEself --encrypt --tunnel --pfs --ikelifetime "3600" --rsasig \
-	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown"  --dnskeyondemand \
-	--to --host "%opportunistic"  --nexthop "%direct" --updown "ipsec _updown"   \
+ipsec whack --name block --reject --pfs  \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%group"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "28800" --rekeymargin "540" \
+	--keyingtries "0"    \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name clear-or-private --encrypt --pass --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name clear --pass --pfs  \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%group"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "28800" --rekeymargin "540" \
+	--keyingtries "0"    \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name private-or-clear-behind --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45" --client "192.0.2.0/24" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name private-or-clear --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name private --encrypt --tunnel --faildrop --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
 	--ipseclifetime "3600" --rekeymargin "540" \
 	--keyingtries "3"  --dontrekey  \
 	|| exit $?
diff -u auto.route.v1 /tmp/auto.route.v2
@@ -1,2 +1,7 @@
-ipsec whack --name OEnet --route
-ipsec whack --name OEself --route
+ipsec whack --name packetdefault --route
+ipsec whack --name block --route
+ipsec whack --name clear-or-private --route
+ipsec whack --name clear --route
+ipsec whack --name private-or-clear-behind --route
+ipsec whack --name private-or-clear --route
+ipsec whack --name private --route
diff -u confread.search.route.v1 /tmp/confread.search.route.v2
@@ -1,3 +1,8 @@
-=	OEnet	
-=	OEself	
+=	packetdefault	
+=	block	
+=	clear-or-private	
+=	clear	
+=	private-or-clear-behind	
+=	private-or-clear	
+=	private	
 !		
diff -u list.add.v1 /tmp/list.add.v2
@@ -1,4 +1,4 @@
-YYZ_confreadnames="OEnet OEself"
+YYZ_confreadnames="packetdefault block clear-or-private clear private-or-clear-behind private-or-clear private"
 export YYZ_confreadnames
 YYZ_confreadstatus=""
 export YYZ_confreadstatus
diff -u list.ignore.v1 /tmp/list.ignore.v2
diff -u list.manual.v1 /tmp/list.manual.v2
diff -u list.route.v1 /tmp/list.route.v2
@@ -1,4 +1,4 @@
-YYZ_confreadnames="OEnet OEself"
+YYZ_confreadnames="packetdefault block clear-or-private clear private-or-clear-behind private-or-clear private"
 export YYZ_confreadnames
 YYZ_confreadstatus=""
 export YYZ_confreadstatus
diff -u list.start.v1 /tmp/list.start.v2
diff -u setup.start.out.v1 /tmp/setup.start.out.v2
@@ -7,8 +7,8 @@
 ipsec_setup: 	 echo $$ > /var/run/pluto/ipsec_setup.pid
 ipsec_setup: 	 test -s /var/run/pluto/ipsec_setup.pid || { echo "...unable to create /var/run/pluto/ipsec_setup.pid, aborting start!" ; rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
 ipsec_setup: 	 > /var/run/pluto/ipsec.info
-ipsec_setup: 	 ipsec _startklips --info /var/run/pluto/ipsec.info --debug "" --omtu "" --fragicmp "" --hidetos "" --default "drop" --log "daemon.error" %defaultroute || { rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
-ipsec_setup: 	 test -f /proc/net/ipsec_version || { echo "OOPS, should have aborted!  Broken shell!" ; exit 1 ; }
+ipsec_setup: 	 ipsec _startklips --info /var/run/pluto/ipsec.info --debug "" --omtu "" --fragicmp "" --hidetos "" --log "daemon.error" %defaultroute || { rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
+ipsec_setup: 	 test -f /proc/net/ipsec_version || test -f /proc/net/pfkey || { echo "OOPS, should have aborted!  Broken shell!" ; exit 1 ; }
 ipsec_setup: 	 test -d /var/lock/subsys && touch /var/lock/subsys/ipsec
 ipsec_setup: 	 ipsec _plutorun --debug "" --uniqueids "yes" --dump "" --wait "no" --pre "" --post "" --log "daemon.error" --pid "/var/run/pluto/pluto.pid" || { ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ; test "X$ifl" != "X" && for i in $ifl ; do ifconfig $i down ; ipsec tncfg --detach --virtual $i ; done ; test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ; ipsec eroute --clear ; ipsec spi --clear ; lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec ; rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
 ipsec_setup: 	 echo "...FreeS/WAN IPsec started" | logger -p daemon.error -t ipsec_setup
diff -u setup.stop.out.v1 /tmp/setup.stop.out.v2
east:/testing/scripts/ipsec.conf.pairs# ipsec setup stop
ipsec_setup: Stopping FreeS/WAN IPsec...
IPSEC EVENT: KLIPS device ipsec0 shut down.
east:/testing/scripts/ipsec.conf.pairs# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log
klogd 1.3-3#33.1, log source = /proc/kmsg started.
east:/testing/scripts/ipsec.conf.pairs# halt -p -f
Power down.

