setenforce 0
east #
 /testing/guestbin/swan-prep --46
east #
 ipsec setup start
[ 00.00] NET: Registered protocol family 15
Redirecting to: systemctl start ipsec.service
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-6in4
east #
 echo "initdone"
initdone
east #
 ipsec look
east NOW
XFRM state:
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPIXX reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPIXX reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
XFRM policy:
src 2001:db8:0:2::/64 dst 2001:db8:0:1::/64 
	dir out priority 25792 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 2001:db8:0:1::/64 dst 2001:db8:0:2::/64 
	dir fwd priority 25792 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 2001:db8:0:1::/64 dst 2001:db8:0:2::/64 
	dir in priority 25792 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
169.254.0.0/16 dev eth2  scope link  metric 1004 
192.0.1.0/24 via 192.1.2.45 dev eth1 
192.0.2.0/24 dev eth0  proto kernel  scope link  src 192.0.2.254 
192.1.2.0/24 dev eth1  proto kernel  scope link  src 192.1.2.23 
192.9.2.0/24 dev eth2  proto kernel  scope link  src 192.9.2.23 
unreachable ::/96 dev lo  metric 1024  error -101
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101
2001:db8:0:1::254 via 2001:db8:1:2::45 dev eth1  metric 0 
    cache 
2001:db8:0:2::/64 dev eth0  proto kernel  metric 256 
2001:db8::/48 via 2001:db8:1:2::45 dev eth1  metric 1024 
2001:db8:1:2::/64 dev eth1  proto kernel  metric 256 
2001:db8:9:2::/64 dev eth2  proto kernel  metric 256 
unreachable 2002:a00::/24 dev lo  metric 1024  error -101
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101
unreachable 2002:e000::/19 dev lo  metric 1024  error -101
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
fe80::/64 dev eth2  proto kernel  metric 256 
default via 2001:db8:1:2::254 dev eth1  metric 1 
default via 2001:db8:1:2::254 dev eth1  metric 1024 
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east #
east #
 if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv /tmp/core* ./; fi
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1395258051.659:47): avc:  denied  { read } for  pid=1749 comm="pluto" name="ipsec.conf.common" dev="9p" ino=529045 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1395258051.659:47): avc:  denied  { open } for  pid=1749 comm="pluto" path="/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common" dev="9p" ino=529045 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1395258051.659:47): arch=c000003e syscall=2 success=yes exit=12 a0=7fb4d4108600 a1=0 a2=1b6 a3=7370692f6374652f items=0 ppid=1748 pid=1749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="pluto" exe="/usr/local/libexec/ipsec/pluto" subj=system_u:system_r:ipsec_t:s0 key=(null)
type=AVC msg=audit(1395258051.661:48): avc:  denied  { read } for  pid=1749 comm="pluto" name="pluto.log" dev="tmpfs" ino=14055 scontext=system_u:system_r:ipsec_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=lnk_file
type=AVC msg=audit(1395258051.661:48): avc:  denied  { create } for  pid=1749 comm="pluto" name="east.pluto.log" scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1395258051.661:48): avc:  denied  { write } for  pid=1749 comm="pluto" name="east.pluto.log" dev="9p" ino=530834 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1395258051.661:48): arch=c000003e syscall=2 success=yes exit=3 a0=7fb4d4114970 a1=241 a2=1b6 a3=3 items=0 ppid=1748 pid=1749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="pluto" exe="/usr/local/libexec/ipsec/pluto" subj=system_u:system_r:ipsec_t:s0 key=(null)

