east-console.txt

ipsec vpn

east:~#
 set -u
east:~#
 route delete -net 192.0.1.0 netmask 255.255.255.0
east:~#
 route delete -net default
east:~#
 route add -net default gw 192.1.2.45
east:~#
 named
east:~#
 dig sunrise-oe.uml.freeswan.org a

; <<>> DiG VERSION<<>> sunrise-oe.uml.freeswan.org a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sunrise-oe.uml.freeswan.org.	IN	A

;; ANSWER SECTION:
sunrise-oe.uml.freeswan.org. 604800 IN	A	192.0.2.2

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 dig 45.2.1.192.in-addr.arpa. txt

; <<>> DiG VERSION<<>> 45.2.1.192.in-addr.arpa. txt
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;45.2.1.192.in-addr.arpa.	IN	TXT

;; ANSWER SECTION:
45.2.1.192.in-addr.arpa. 604800	IN	TXT	"X-IPsec-Server(10)=192.1.2.45 " "AQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQ" "KerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7"

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 netstat -rne
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.9.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.1.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.1.2.45      0.0.0.0         UG    0      0        0 eth1
east:~#
 ipsec setup start
ipsec_setup: Starting Openswan IPsec VERSION
east:~#
 ipsec auto --add simulate-OE-east-west-1
east:~#
 /testing/pluto/basic-pluto-01/eroutewait.sh trap
east:~#
 ipsec auto --route simulate-OE-east-west-1
east:~#
east:~#
 : This should fail, but only because .1 of westnests has no TXT.
east:~#
 : We use --up so that the negotiation is logged.
east:~#
 : Failure should come before negotiation is actually started.
east:~#
 : No shunt eroute will be created because of using --oppohere/--oppothere.
east:~#
 ipsec auto --up simulate-OE-east-west-1
104 "simulate-OE-east-west-1" #1: STATE_MAIN_I1: initiate
003 "simulate-OE-east-west-1" #1: received Vendor ID payload [Openswan 
003 "simulate-OE-east-west-1" #1: received Vendor ID payload [Dead Peer Detection]
106 "simulate-OE-east-west-1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "simulate-OE-east-west-1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "simulate-OE-east-west-1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "simulate-OE-east-west-1" #2: STATE_QUICK_I1: initiate
031 "simulate-OE-east-west-1" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
east:~#
 ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
0          192.1.2.23/32      -> 192.0.1.1/32       => %trap
east:~#
 : the nether world according to pluto
east:~#
east:~#
 echo end
end
east:~#
 

east:~#
east:~#