/testing/guestbin/swan-prep --hostkeys
Creating NSS database containing host keys
west #
 # confirm that the network is alive
west #
 ../../guestbin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../guestbin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec auto --add westnet-eastnet
"westnet-eastnet": added IKEv1 connection
west #
 echo "initdone"
initdone
west #
 ipsec whack --impair revival
west #
 # Proper test connection, should work
west #
 ipsec whack --impair none
west #
 ipsec whack --impair suppress_retransmits
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #1: initiating IKEv1 Main Mode connection
"westnet-eastnet" #1: sent Main Mode request
"westnet-eastnet" #1: sent Main Mode I2
"westnet-eastnet" #1: sent Main Mode I3
"westnet-eastnet" #1: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #1: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #1: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #2: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #2: sent Quick Mode request
"westnet-eastnet" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #2 and ISAKMP SA #1
"westnet-eastnet" #2: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #1
"westnet-eastnet" #2: ESP traffic information: in=84B out=84B
"westnet-eastnet" #1: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 # Quick:
west #
 ipsec whack --impair none
west #
 ipsec whack --impair revival
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair v1_hash_exchange:quick
west #
 # HASH payload omitted - should fail
west #
 ipsec whack --impair v1_hash_payload:omit
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --down -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #3: initiating IKEv1 Main Mode connection
"westnet-eastnet" #3: sent Main Mode request
"westnet-eastnet" #3: sent Main Mode I2
"westnet-eastnet" #3: sent Main Mode I3
"westnet-eastnet" #3: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #3: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #3: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #4: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #4: IMPAIR: omitting HASH payload for outI1
"westnet-eastnet" #4: sent Quick Mode request
"westnet-eastnet" #4: STATE_QUICK_I1: 60 second timeout exceeded after 0 retransmits.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"westnet-eastnet" #4: connection is supposed to remain up; revival attempt 1 scheduled in 0 seconds
"westnet-eastnet" #4: IMPAIR: revival: skip scheduling revival event
"westnet-eastnet" #4: deleting IPsec SA (QUICK_I1) and NOT sending notification
ERROR: "westnet-eastnet" #4: netlink response for Del SA esp.ESPSPIi@192.1.2.45: No such process (errno 3)
west #
 # HASH payload empty - should fail
west #
 ipsec whack --impair v1_hash_payload:empty
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --down -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #5: initiating IKEv1 Main Mode connection
"westnet-eastnet" #5: sent Main Mode request
"westnet-eastnet" #5: sent Main Mode I2
"westnet-eastnet" #5: sent Main Mode I3
"westnet-eastnet" #5: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #5: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #5: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #6: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #6: IMPAIR: sending HASH payload with no data for outI1
"westnet-eastnet" #6: sent Quick Mode request
"westnet-eastnet" #6: STATE_QUICK_I1: 60 second timeout exceeded after 0 retransmits.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"westnet-eastnet" #6: connection is supposed to remain up; revival attempt 1 scheduled in 0 seconds
"westnet-eastnet" #6: IMPAIR: revival: skip scheduling revival event
"westnet-eastnet" #6: deleting IPsec SA (QUICK_I1) and NOT sending notification
ERROR: "westnet-eastnet" #6: netlink response for Del SA esp.ESPSPIi@192.1.2.45: No such process (errno 3)
west #
 # HASH payload badly calculated - should fail
west #
 ipsec whack --impair v1_hash_payload:0
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --down -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #7: initiating IKEv1 Main Mode connection
"westnet-eastnet" #7: sent Main Mode request
"westnet-eastnet" #7: sent Main Mode I2
"westnet-eastnet" #7: sent Main Mode I3
"westnet-eastnet" #7: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #7: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #7: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #8: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #8: IMPAIR: setting HASH payload bytes to 00
"westnet-eastnet" #8: sent Quick Mode request
"westnet-eastnet" #8: STATE_QUICK_I1: 60 second timeout exceeded after 0 retransmits.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"westnet-eastnet" #8: connection is supposed to remain up; revival attempt 1 scheduled in 0 seconds
"westnet-eastnet" #8: IMPAIR: revival: skip scheduling revival event
"westnet-eastnet" #8: deleting IPsec SA (QUICK_I1) and NOT sending notification
ERROR: "westnet-eastnet" #8: netlink response for Del SA esp.ESPSPIi@192.1.2.45: No such process (errno 3)
west #
 echo done
done
west #
 # Delete
west #
 ipsec whack --impair none
west #
 ipsec whack --impair revival
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair v1_hash_exchange:delete
west #
 # HASH payload omitted - delete should fail
west #
 ipsec whack --impair v1_hash_payload:omit
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #9: initiating IKEv1 Main Mode connection
"westnet-eastnet" #9: sent Main Mode request
"westnet-eastnet" #9: sent Main Mode I2
"westnet-eastnet" #9: sent Main Mode I3
"westnet-eastnet" #9: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #9: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #9: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #10: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #10: sent Quick Mode request
"westnet-eastnet" #10: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #10 and ISAKMP SA #9
"westnet-eastnet" #10: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #9
"westnet-eastnet" #10: IMPAIR: omitting HASH payload for send delete
"westnet-eastnet" #10: ESP traffic information: in=84B out=84B
"westnet-eastnet" #9: deleting ISAKMP SA (MAIN_I4) and sending notification
"westnet-eastnet" #9: IMPAIR: omitting HASH payload for send delete
west #
 # HASH payload empty - delete should fail
west #
 ipsec whack --impair v1_hash_payload:empty
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #11: initiating IKEv1 Main Mode connection
"westnet-eastnet" #11: sent Main Mode request
"westnet-eastnet" #11: sent Main Mode I2
"westnet-eastnet" #11: sent Main Mode I3
"westnet-eastnet" #11: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #11: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #11: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #12: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #12: sent Quick Mode request
"westnet-eastnet" #12: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #12 and ISAKMP SA #11
"westnet-eastnet" #12: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #11
"westnet-eastnet" #12: IMPAIR: sending HASH payload with no data for send delete
"westnet-eastnet" #12: ESP traffic information: in=84B out=84B
"westnet-eastnet" #11: deleting ISAKMP SA (MAIN_I4) and sending notification
"westnet-eastnet" #11: IMPAIR: sending HASH payload with no data for send delete
west #
 # HASH payload badly calculated - delete should fail
west #
 ipsec whack --impair v1_hash_payload:0
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #13: initiating IKEv1 Main Mode connection
"westnet-eastnet" #13: sent Main Mode request
"westnet-eastnet" #13: sent Main Mode I2
"westnet-eastnet" #13: sent Main Mode I3
"westnet-eastnet" #13: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #13: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #13: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #14: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #14: sent Quick Mode request
"westnet-eastnet" #14: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #14 and ISAKMP SA #13
"westnet-eastnet" #14: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #13
"westnet-eastnet" #14: IMPAIR: setting HASH payload bytes to 00
"westnet-eastnet" #14: ESP traffic information: in=84B out=84B
"westnet-eastnet" #13: deleting ISAKMP SA (MAIN_I4) and sending notification
"westnet-eastnet" #13: IMPAIR: setting HASH payload bytes to 00
west #
 echo done
done
west #
 # XAUTH:
west #
 ipsec whack --impair none
west #
 ipsec whack --impair revival
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair v1_hash_exchange:xauth
west #
 # HASH payload omitted - XAUTH should fail
west #
 ipsec whack --impair v1_hash_payload:omit
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #15: initiating IKEv1 Main Mode connection
"westnet-eastnet" #15: sent Main Mode request
"westnet-eastnet" #15: sent Main Mode I2
"westnet-eastnet" #15: sent Main Mode I3
"westnet-eastnet" #15: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #15: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #15: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #16: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #16: sent Quick Mode request
"westnet-eastnet" #16: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #16 and ISAKMP SA #15
"westnet-eastnet" #16: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #15
"westnet-eastnet" #16: ESP traffic information: in=84B out=84B
"westnet-eastnet" #15: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 # HASH payload empty - XAUTH should fail
west #
 ipsec whack --impair v1_hash_payload:empty
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #17: initiating IKEv1 Main Mode connection
"westnet-eastnet" #17: sent Main Mode request
"westnet-eastnet" #17: sent Main Mode I2
"westnet-eastnet" #17: sent Main Mode I3
"westnet-eastnet" #17: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #17: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #17: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #18: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #18: sent Quick Mode request
"westnet-eastnet" #18: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #18 and ISAKMP SA #17
"westnet-eastnet" #18: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #17
"westnet-eastnet" #18: ESP traffic information: in=84B out=84B
"westnet-eastnet" #17: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 # HASH payload badly calculated - XAUTH should fail
west #
 ipsec whack --impair v1_hash_payload:0
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #19: initiating IKEv1 Main Mode connection
"westnet-eastnet" #19: sent Main Mode request
"westnet-eastnet" #19: sent Main Mode I2
"westnet-eastnet" #19: sent Main Mode I3
"westnet-eastnet" #19: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #19: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #19: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #20: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #20: sent Quick Mode request
"westnet-eastnet" #20: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #20 and ISAKMP SA #19
"westnet-eastnet" #20: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #19
"westnet-eastnet" #20: ESP traffic information: in=84B out=84B
"westnet-eastnet" #19: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 echo done
done
west #
 # INFO
west #
 ipsec whack --impair none
west #
 ipsec whack --impair revival
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair v1_hash_exchange:notification
west #
 # HASH payload omitted - INFO should fail
west #
 ipsec whack --impair v1_hash_payload:omit
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #21: initiating IKEv1 Main Mode connection
"westnet-eastnet" #21: sent Main Mode request
"westnet-eastnet" #21: sent Main Mode I2
"westnet-eastnet" #21: sent Main Mode I3
"westnet-eastnet" #21: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #21: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #21: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #22: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #22: sent Quick Mode request
"westnet-eastnet" #22: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #22 and ISAKMP SA #21
"westnet-eastnet" #22: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #21
"westnet-eastnet" #22: ESP traffic information: in=84B out=84B
"westnet-eastnet" #21: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 # HASH payload empty - INFO should fail
west #
 ipsec whack --impair v1_hash_payload:empty
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #23: initiating IKEv1 Main Mode connection
"westnet-eastnet" #23: sent Main Mode request
"westnet-eastnet" #23: sent Main Mode I2
"westnet-eastnet" #23: sent Main Mode I3
"westnet-eastnet" #23: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #23: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #23: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #24: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #24: sent Quick Mode request
"westnet-eastnet" #24: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #24 and ISAKMP SA #23
"westnet-eastnet" #24: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #23
"westnet-eastnet" #24: ESP traffic information: in=84B out=84B
"westnet-eastnet" #23: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 # HASH payload badly calculated - INFO should fail
west #
 ipsec whack --impair v1_hash_payload:0
west #
 ../../guestbin/libreswan-up-down.sh westnet-eastnet --alive -I 192.0.1.254 192.0.2.254
"westnet-eastnet": added IKEv1 connection
"westnet-eastnet" #25: initiating IKEv1 Main Mode connection
"westnet-eastnet" #25: sent Main Mode request
"westnet-eastnet" #25: sent Main Mode I2
"westnet-eastnet" #25: sent Main Mode I3
"westnet-eastnet" #25: Peer ID is ID_FQDN: '@east'
"westnet-eastnet" #25: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #25: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet" #26: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet" #26: sent Quick Mode request
"westnet-eastnet" #26: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
destination -I 192.0.1.254 192.0.2.254 is alive
"westnet-eastnet": initiating delete of connection's IPsec SA #26 and ISAKMP SA #25
"westnet-eastnet" #26: deleting IPsec SA (QUICK_I2) and sending notification using ISAKMP SA #25
"westnet-eastnet" #26: ESP traffic information: in=84B out=84B
"westnet-eastnet" #25: deleting ISAKMP SA (MAIN_I4) and sending notification
west #
 echo done
done
west #
 ipsec stop
Redirecting to: [initsystem]
west #
 : what should be looked for?
west #
 sed -n -f payloads.sed /tmp/pluto.log
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #1: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #3: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #4: IMPAIR: omitting HASH payload for outI1
"westnet-eastnet" #4: IMPAIR: revival: skip scheduling revival event
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #5: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #6: IMPAIR: sending HASH payload with no data for outI1
"westnet-eastnet" #6: IMPAIR: revival: skip scheduling revival event
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #7: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
"westnet-eastnet" #8: IMPAIR: setting HASH payload bytes to 00
"westnet-eastnet" #8: IMPAIR: revival: skip scheduling revival event
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #9: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
"westnet-eastnet" #10: IMPAIR: omitting HASH payload for send delete
"westnet-eastnet" #9: IMPAIR: omitting HASH payload for send delete
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #11: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
"westnet-eastnet" #12: IMPAIR: sending HASH payload with no data for send delete
"westnet-eastnet" #11: IMPAIR: sending HASH payload with no data for send delete
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #13: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
"westnet-eastnet" #14: IMPAIR: setting HASH payload bytes to 00
"westnet-eastnet" #13: IMPAIR: setting HASH payload bytes to 00
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #15: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #17: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #19: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #21: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #23: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok
-- start message (ID)
|    next payload type: ISAKMP_NEXT_ID (0x5)
| ***parse ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 278 (01 16)
"westnet-eastnet" #25: authenticated peer using preloaded certificate '@east' and 2nnn-bit RSA with SHA1 signature
-- start message (HASH)
|    next payload type: ISAKMP_NEXT_HASH (0x8)
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (00 24)
| received 'quick_inR1_outI2' message HASH(2) data ok

