1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
/testing/guestbin/swan-prep
west #
ip tunnel add test0 mode gre local 192.1.2.45 remote 192.1.2.23
west #
../../guestbin/ip.sh address add 172.29.1.1/24 dev test0
west #
../../guestbin/ip.sh link set dev test0 up
west #
ipsec start
Redirecting to: [initsystem]
west #
../../guestbin/wait-until-pluto-started
west #
ipsec auto --add test1
"test1": added IKEv1 connection
west #
ipsec auto --add test2
"test2": added IKEv1 connection
west #
ipsec auto --add test3
"test3": added unoriented IKEv1 connection (neither left=172.29.1.3 nor right=172.29.1.2 match an interface)
west #
# should establish
west #
ipsec auto --up test1
"test1" #1: initiating IKEv1 Main Mode connection
"test1" #1: sent Main Mode request
"test1" #1: sent Main Mode I2
"test1" #1: sent Main Mode I3
"test1" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"test1" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"test1" #2: sent Quick Mode request
"test1" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
west #
../../guestbin/ip.sh address add 172.29.1.3/24 dev test0
west #
ipsec auto --ready
listening for IKE messages
adding interface test0 172.29.1.3:UDP/500
adding interface test0 172.29.1.3:UDP/4500 (NAT)
"test2": connection matches both left test0 172.29.1.1 and right test0 172.29.1.3
"test3": oriented IKEv1 connection (local: left=172.29.1.3 remote: right=172.29.1.2)
forgetting secrets
loading secrets from "/etc/ipsec.secrets"
west #
ipsec auto --up test2
"test2": we cannot identify ourselves with either end of this connection. 172.29.1.1 or 172.29.1.3 are not usable
west #
../../guestbin/ip.sh address del 172.29.1.3/24 dev test0
west #
# not read issuing --ready
west #
|
