/testing/guestbin/swan-prep --x509 --x509name key4096
Preparing X.509 files
road #
 ipsec start
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 iptables -I INPUT -p udp -m length --length 0x5dc:0xffff -j DROP
road #
 ipsec auto --add x509
002 "x509": added IKEv1 connection
road #
 echo done
done
road #
 ipsec auto --up x509
002 "x509" #1: initiating IKEv1 Main Mode connection
1v1 "x509" #1: sent Main Mode request
1v1 "x509" #1: sent Main Mode I2
002 "x509" #1: I am sending my cert
002 "x509" #1: I am sending a certificate request
1v1 "x509" #1: sent Main Mode I3
002 "x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
002 "x509" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
003 "x509" #1: authenticated using RSA with SHA1 and peer certificate 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
004 "x509" #1: IKE SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
002 "x509" #2: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+IKE_FRAG_FORCE+ESN_NO
1v1 "x509" #2: sent Quick Mode request
004 "x509" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
road #
 echo done
done
road #
 grep "fragment" /tmp/pluto.log | grep -v delref
| peer supports fragmentation
| sending IKE fragment id '1', number '1'
| sending IKE fragment id '1', number '2'
| sending IKE fragment id '1', number '3'
| sending IKE fragment id '1', number '4'
| sending IKE fragment id '1', number '5' (last)
| sending IKE fragment id '1', number '1'
| sending IKE fragment id '1', number '2'
| sending IKE fragment id '1', number '3'
| sending IKE fragment id '1', number '4'
| sending IKE fragment id '1', number '5' (last)
|    fragment id: 1 (00 01)
|    fragment number: 1 (01)
| received IKE fragment id '1', number '1'
|    fragment id: 1 (00 01)
|    fragment number: 2 (02)
| received IKE fragment id '1', number '2'
|    fragment id: 1 (00 01)
|    fragment number: 3 (03)
| received IKE fragment id '1', number '3'
|    fragment id: 1 (00 01)
|    fragment number: 4 (04)
| received IKE fragment id '1', number '4'
|    fragment id: 1 (00 01)
|    fragment number: 5 (05)
| received IKE fragment id '1', number '5'(last)
|  updated IKE fragment state to respond using fragments without waiting for re-transmits
road #
 
