/testing/guestbin/swan-prep
east #
 # dmesg -n 6
east #
 # nohup tcpdump -i eth1 -s 65535 -X -vv -nn tcp > OUTPUT/east.tcpdump & sleep 1 # wait for nohup msg
east #
 # nohup dumpcap -i eth1 -w /tmp/east.pcap > OUTPUT/east.dumpcap & sleep 1 # wait for nohup msg
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-ikev2
002 "westnet-eastnet-ikev2": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 ipsec look
east NOW
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
iptables filter TABLE
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 via 192.1.2.45 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east #
 grep '^connection from' /tmp/pluto.log
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: timeout out before first message received
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: reading 'IKETCP' prefix returned 1 bytes but expecting 6; closing socket
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: prefix did not match 'IKETCP'; closing socket
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: timeout out before first message received
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: timeout out before first message received
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: reading first packet failed: Invalid argument (errno 22)
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: timeout out before first message received
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: timeout out before first message received
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: dropping packet with mangled IKE header: not enough room in input packet for ISAKMP Message (remain=1, sd->size=28)
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification INVALID_SYNTAX
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: timeout out before first message received
connection from 192.1.2.45:EPHEM: IKETCP ACCEPTED: socket XX: accepted connection
connection from 192.1.2.45:EPHEM: IKETCP PREFIX_RECEIVED: socket XX: timeout out before first message received
east #
 
