testing/pluto/ah-pluto-07-klips-netkey/east.console.txt

/testing/guestbin/swan-prep
east #
 ip addr add 192.0.2.111/24 dev eth0
east #
 ipsec start
[ 00.00] registered KLIPS /proc/sys/net
[ 00.00] ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=253 name=cbc(twofish) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=252 name=cbc(serpent) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=6 name=cbc(cast5) keyminbits=128 keymaxbits=128, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0)
[ 00.00] KLIPS: lookup for ciphername=cipher_null: not found
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=2 name=hmac(md5) ctx_size=88 keyminbits=128 keymaxbits=128, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=3 name=hmac(sha1) ctx_size=88 keyminbits=160 keymaxbits=160, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=5 name=hmac(sha256) ctx_size=88 keyminbits=256 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=6 name=hmac(sha384) ctx_size=88 keyminbits=384 keymaxbits=384, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=7 name=hmac(sha512) ctx_size=88 keyminbits=512 keymaxbits=512, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=252 name=hmac(sha256) ctx_size=88 keyminbits=256 keymaxbits=256, found(0)
[ 00.00] 
Redirecting to: systemctl start ipsec.service
[ 00.00] 
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-ah-md5
002 added connection description "westnet-eastnet-ah-md5"
east #
 ipsec auto --add westnet-eastnet-ah-sha1
002 added connection description "westnet-eastnet-ah-sha1"
east #
 echo "initdone"
initdone
east #
 ../../pluto/bin/ipsec-look.sh
east NOW
192.0.2.0/24       -> 192.0.1.0/24       => tun0xIPIP@192.1.2.45 ah0xAHSPI@192.1.2.45
192.0.2.111/32     -> 192.0.1.111/32     => tun0xIPIP@192.1.2.45 ah0xAHSPI@192.1.2.45
ipsec0->eth1 mtu=16260(9999)->1500
tun0xTUN#@192.1.2.45 IPIP: dir=out src=192.1.2.23 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
ah0xSPISPI@192.1.2.45 AH_HMAC_SHA1: dir=out src=192.1.2.23 ooowin=32  alen=160 aklen=160 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
tun0xTUN#@192.1.2.45 IPIP: dir=out src=192.1.2.23 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
ah0xSPISPI@192.1.2.45 AH_HMAC_MD5: dir=out src=192.1.2.23 ooowin=32  alen=128 aklen=128 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
ah0xSPISPI@192.1.2.23 AH_HMAC_SHA1: dir=in  src=192.1.2.45 ooowin=32   alen=160 aklen=160 jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
tun0xTUN#@192.1.2.23 IPIP: dir=in  src=192.1.2.45 policy=192.0.1.0/24->192.0.2.0/24 flags=0x8<> jiffies=0123456789  natencap=none natsport=0 natdport=0   refhim=0
ROUTING TABLES
default via 192.1.2.254 dev eth1 
192.0.1.0/24 dev ipsec0  scope link 
192.0.1.111 dev ipsec0  scope link 
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254 
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 
192.9.2.0/24 dev eth2 proto kernel scope link src 192.9.2.23 
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east #
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi