TCPDUMP

moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &
alice# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &

PRE-TEST

moon# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
carol# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
moon# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
moon# sleep 4

TEST

moon# ipsec status | grep 'STATE_MAIN_I4 (ISAKMP SA established)' [YES]
000 #1: "carol"[1] 192.168.0.100 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 3263s; newest ISAKMP
carol# iptables -I INPUT 1 -i eth0 -s 192.168.0.1 -j DROP | grep 'no output expected' [NO]
moon# sleep 35 | grep 'no output expected' [NO]
carol# iptables -D INPUT 1 | grep 'no output expected' [NO]
moon# cat /var/log/auth.log | grep 'inserting event EVENT_DPD' [YES]
Jul 20 14:25:35 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
Jul 20 14:25:40 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
Jul 20 14:25:40 moon pluto[8655]: | inserting event EVENT_DPD_TIMEOUT, timeout in 25 seconds for #1
Jul 20 14:25:45 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
Jul 20 14:25:50 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
Jul 20 14:25:55 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
Jul 20 14:26:00 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
Jul 20 14:26:05 moon pluto[8655]: | inserting event EVENT_DPD, timeout in 5 seconds for #2
moon# cat /var/log/auth.log | grep 'DPD: No response from peer - declaring peer dead' [YES]
Jul 20 14:26:05 moon pluto[8655]: "carol"[1] 192.168.0.100 #1: DPD: No response from peer - declaring peer dead
moon# cat /var/log/auth.log | grep 'DPD: Terminating all SAs using this connection' [YES]
Jul 20 14:26:05 moon pluto[8655]: "carol"[1] 192.168.0.100 #1: DPD: Terminating all SAs using this connection
moon# cat /var/log/auth.log | grep 'DPD: Restarting connection' [YES]
Jul 20 14:26:06 moon pluto[8655]: DPD: Restarting connection "carol"
moon# sleep 10 | grep 'no output expected' [NO]
moon# ipsec status | grep 'STATE_MAIN_I4 (ISAKMP SA established)' [YES]
000 #3: "carol"[2] 192.168.0.100 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 3343s; newest ISAKMP

POST-TEST

carol# ipsec stop
Stopping strongSwan IPsec...
moon# ipsec stop
Stopping strongSwan IPsec...
moon# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]
carol# ip addr del 10.3.0.1/32 dev eth0
moon# killall tcpdump
alice# killall tcpdump