japan:~# set -x
japan:~# CFG="--config /testing/pluto/co-terminal-02/japan.conf" export CFG
+ CFG=--config /testing/pluto/co-terminal-02/japan.conf
+ export CFG
japan:~# : just for when we run it interactively 
+ : just for when we run it interactively
japan:~# ipsec setup $CFG stop
+ ipsec setup --config /testing/pluto/co-terminal-02/japan.conf stop
ipsec_setup: Stopping Libreswan IPsec...
ipsec_setup: stop ordered, but IPsec appears to be already stopped!
ipsec_setup: doing cleanup anyway...
japan:~# rndc stop >/dev/null 2>&1
+ rndc stop
japan:~# named
+ named
japan:~# : confirm that my key is present in DNS
+ : confirm that my key is present in DNS
japan:~# dig 2.1.0.192.in-addr.arpa. key
+ dig 2.1.0.192.in-addr.arpa. key

; <<>> DiG VERSION<<>> 2.1.0.192.in-addr.arpa. key
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;2.1.0.192.in-addr.arpa.		IN	KEY

;; ANSWER SECTION:
2.1.0.192.in-addr.arpa.	604800	IN	KEY	16896 4 1 AQOSRxzbj35bnNsMbTeQ81+tGulyaYNR0HHt25tzzSrCrQGm9YGMFpA4 50Aq/P3A/Tb4DO4qCX03M4aZZ6RpfToMPKxZQSPrOe0cv+lkCxf6IlA2 h2CG7b8m6slVOF/fOhQrnjDDusQiv0RZFSu6k4J3F8VndVXHAEPU9aF2 F7WIuQ==

;; AUTHORITY SECTION:
1.0.192.in-addr.arpa.	604800	IN	NS	NSSERVER
1.0.192.in-addr.arpa.	604800	IN	NS	NSSERVER

;; ADDITIONAL SECTION:
nic.uml.freeswan.org.	604800	IN	A	192.1.2.254
beet.uml.freeswan.org.	604800	IN	A	192.1.2.129

;; Query time: 25 msec
;; SERVER: 192.1.2.254#53(192.1.2.254)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

japan:~# dig japan.uml.freeswan.org. key
+ dig japan.uml.freeswan.org. key

; <<>> DiG VERSION<<>> japan.uml.freeswan.org. key
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;japan.uml.freeswan.org.		IN	KEY

;; ANSWER SECTION:
japan.uml.freeswan.org.	604800	IN	KEY	16896 4 1 AQOSRxzbj35bnNsMbTeQ81+tGulyaYNR0HHt25tzzSrCrQGm9YGMFpA4 50Aq/P3A/Tb4DO4qCX03M4aZZ6RpfToMPKxZQSPrOe0cv+lkCxf6IlA2 h2CG7b8m6slVOF/fOhQrnjDDusQiv0RZFSu6k4J3F8VndVXHAEPU9aF2 F7WIuQ==

;; AUTHORITY SECTION:
uml.freeswan.org.	604800	IN	NS	NSSERVER
uml.freeswan.org.	604800	IN	NS	NSSERVER

;; ADDITIONAL SECTION:
nic.root-servers.net.	604800	IN	A	192.1.2.254
carrot.uml.freeswan.org. 604800	IN	A	192.1.2.130

;; Query time: 25 msec
;; SERVER: 192.1.2.254#53(192.1.2.254)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

japan:~# ipsec setup $CFG start
+ ipsec setup --config /testing/pluto/co-terminal-02/japan.conf start
ipsec_setup: Starting Libreswan IPsec VERSION
japan:~# sleep 2
+ sleep 2
japan:~# ipsec eroute
+ ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
japan:~# /testing/pluto/co-terminal-02/eroutewait.sh trap
+ /testing/pluto/co-terminal-02/eroutewait.sh trap
japan:~# ipsec auto  $CFG --delete packetdefault
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --delete packetdefault
japan:~# ipsec auto  $CFG --add japan--wavesec
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --add japan--wavesec
japan:~# ipsec whack --listen
+ ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
japan:~# ipsec auto  $CFG --add clear
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --add clear
japan:~# ipsec whack --listen
+ ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loading group "/etc/ipsec.d/policies/clear"
japan:~# ipsec auto  $CFG --route clear
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --route clear
japan:~# /testing/pluto/co-terminal-02/eroutewait.sh pass
+ /testing/pluto/co-terminal-02/eroutewait.sh pass
japan:~# ipsec auto $CFG --up japan--wavesec
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --up japan--wavesec
104 "japan--wavesec" #1: STATE_MAIN_I1: initiate
003 "japan--wavesec" #1: received Vendor ID payload [Libreswan 
003 "japan--wavesec" #1: received Vendor ID payload [Dead Peer Detection]
106 "japan--wavesec" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "japan--wavesec" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "japan--wavesec" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "japan--wavesec" #2: STATE_QUICK_I1: initiate
004 "japan--wavesec" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
japan:~# /testing/pluto/co-terminal-02/eroutewait.sh tun0
+ /testing/pluto/co-terminal-02/eroutewait.sh tun0
japan:~# ipsec eroute | sed -e 's/^[0-9]* /n /'
+ ipsec eroute
+ sed -e 's/^[0-9]* /n /'
n          192.0.1.2/32       -> 0.0.0.0/0          => tun0x1002@192.0.1.254
n          192.0.1.2/32       -> 192.1.2.129/32     => %pass
n          192.0.1.2/32       -> 192.1.2.130/32     => %pass
n          192.0.1.2/32       -> 192.1.2.254/32     => %pass
n          192.0.1.2/32       -> 192.1.3.254/32     => %pass
japan:~# ipsec whack --debug-oppo --debug-control --debug-controlmore 
+ ipsec whack --debug-oppo --debug-control --debug-controlmore
japan:~# ipsec auto  $CFG --add private-or-clear
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --add private-or-clear
japan:~# ipsec whack --listen
+ ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loading group "/etc/ipsec.d/policies/private-or-clear"
002 loading group "/etc/ipsec.d/policies/clear"
japan:~# ipsec auto  $CFG --route private-or-clear
+ ipsec auto --config /testing/pluto/co-terminal-02/japan.conf --route private-or-clear
003 "private-or-clear#0.0.0.0/0": conflict on eroute (), switching eroute to private-or-clear#0.0.0.0/0 and linking japan--wavesec
japan:~# sh /testing/pluto/co-terminal-02/eroutewait.sh trap
+ sh /testing/pluto/co-terminal-02/eroutewait.sh trap
japan:~# ipsec eroute | sed -e 's/^[0-9]* /n /' -e 's/tun0x..../tun0xABCD/'
+ ipsec eroute
+ sed -e 's/^[0-9]* /n /' -e s/tun0x..../tun0xABCD/
n          192.0.1.2/32       -> 0.0.0.0/0          => %trap
n          192.0.1.2/32       -> 192.1.2.129/32     => %pass
n          192.0.1.2/32       -> 192.1.2.130/32     => %pass
n          192.0.1.2/32       -> 192.1.2.254/32     => %pass
n          192.0.1.2/32       -> 192.1.3.254/32     => %pass
japan:~# ping -c 1 1.2.3.4
+ ping -c 1 1.2.3.4
PING 1.2.3.4 (1.2.3.4): 56 data bytes

--- 1.2.3.4 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
japan:~# /testing/pluto/co-terminal-02/eroutewait.sh tun0
+ /testing/pluto/co-terminal-02/eroutewait.sh tun0
japan:~# ipsec eroute | sed -e 's/^[0-9]* /n /' -e 's/tun0x..../tun0xABCD/'
+ ipsec eroute
+ sed -e 's/^[0-9]* /n /' -e s/tun0x..../tun0xABCD/
n          192.0.1.2/32       -> 0.0.0.0/0          => %trap
n          192.0.1.2/32       -> 1.2.3.4/32         => tun0xABCD@192.0.1.254
n         192.0.1.2/32       -> 192.1.2.129/32     => %pass
n          192.0.1.2/32       -> 192.1.2.130/32     => %pass
n         192.0.1.2/32       -> 192.1.2.254/32     => %pass
n          192.0.1.2/32       -> 192.1.3.254/32     => %pass
japan:~# ping -c 1 1.2.3.4
+ ping -c 1 1.2.3.4
PING 1.2.3.4 (1.2.3.4): 56 data bytes
64 bytes from 1.2.3.4: icmp_seq=0 ttl=257 time=999 ms

--- 1.2.3.4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
japan:~# sleep 1
+ sleep 1
japan:~# ping -c 1 192.0.2.2
+ ping -c 1 192.0.2.2
PING 192.0.2.2 (192.0.2.2): 56 data bytes

--- 192.0.2.2 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
japan:~# /testing/pluto/co-terminal-02/eroutewait.sh 192.1.2.23
+ /testing/pluto/co-terminal-02/eroutewait.sh 192.1.2.23
japan:~# ping -c 1 192.0.2.2
+ ping -c 1 192.0.2.2
PING 192.0.2.2 (192.0.2.2): 56 data bytes
64 bytes from 192.0.2.2: icmp_seq=0 ttl=257 time=999 ms

--- 192.0.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.1/4.5/9.26 ms
japan:~# ipsec eroute | sed -e 's/^[0-9]* /n /' -e 's/tun0x..../tun0xABCD/'
+ ipsec eroute
+ sed -e 's/^[0-9]* /n /' -e s/tun0x..../tun0xABCD/
n          192.0.1.2/32       -> 0.0.0.0/0          => %trap
n          192.0.1.2/32       -> 1.2.3.4/32         => tun0xABCD@192.0.1.254
n          192.0.1.2/32       -> 192.0.2.2/32       => tun0xABCD@192.1.2.23
n         192.0.1.2/32       -> 192.1.2.129/32     => %pass
n          192.0.1.2/32       -> 192.1.2.130/32     => %pass
n         192.0.1.2/32       -> 192.1.2.254/32     => %pass
n          192.0.1.2/32       -> 192.1.3.254/32     => %pass
japan:~# echo done
+ echo done
done
japan:~# 

+ : ==== tuc ==== :

