PRE-TEST carol# ipsec start Starting strongSwan IPsec 2.8.8 [starter]... moon# ipsec start Starting strongSwan IPsec 2.8.8 [starter]... carol# sleep 2 carol# ipsec up home 002 "home" #1: initiating Main Mode 104 "home" #1: STATE_MAIN_I1: initiate 003 "home" #1: ignoring Vendor ID payload [strongSwan 2.8.8] 003 "home" #1: received Vendor ID payload [XAUTH] 003 "home" #1: received Vendor ID payload [Dead Peer Detection] 106 "home" #1: STATE_MAIN_I2: sent MI2, expecting MR2 002 "home" #1: we have a cert and are sending it 108 "home" #1: STATE_MAIN_I3: sent MI3, expecting MR3 002 "home" #1: Peer ID is ID_FQDN: '@moon.strongswan.org' 002 "home" #1: crl not found 002 "home" #1: certificate status unknown 002 "home" #1: ISAKMP SA established 004 "home" #1: STATE_MAIN_I4: ISAKMP SA established 002 "home" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1} 112 "home" #2: STATE_QUICK_I1: initiate 003 "home" #2: You should NOT use insecure ESP algorithms [ESP_NULL (0)]! 002 "home" #2: sent QI2, IPsec SA established {ESP=>0x780835be <0x626fdb74} 004 "home" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x780835be <0x626fdb74} TEST carol# ipsec status | grep 'home.*STATE_QUICK_I2.*IPsec SA established' [YES] 000 #2: "home" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 848s; newest IPSEC; eroute owner moon# ipsec status | grep 'rw.*STATE_QUICK_R2.*IPsec SA established' [YES] 000 #2: "rw"[1] 192.168.0.100 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1110s; newest IPSEC; eroute owner moon# ipsec statusall | grep 'ESP algorithm newest' [NULL_0-HMAC_SHA1] 000 "rw"[1]: ESP algorithm newest: NULL_0-HMAC_SHA1; pfsgroup= carol# ipsec statusall | grep 'ESP algorithm newest' [NULL_0-HMAC_SHA1] 000 "home": ESP algorithm newest: NULL_0-HMAC_SHA1; pfsgroup= carol# ping -c 1 -s 120 -p deadbeef 10.1.0.10 | grep '128 bytes from 10.1.0.10: icmp_seq=1' [YES] 128 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=0.355 ms POST-TEST moon# ipsec stop Stopping strongSwan IPsec... carol# ipsec stop Stopping strongSwan IPsec...