PRE-TEST moon# echo 1 > /proc/sys/net/ipv4/ip_forward carol# ipsec start Starting strongSwan 4.2.17 IPsec [starter]... moon# ipsec start Starting strongSwan 4.2.17 IPsec [starter]... carol# sleep 2 carol# ipsec up home 002 "home" #1: initiating Main Mode 104 "home" #1: STATE_MAIN_I1: initiate 003 "home" #1: ignoring Vendor ID payload [strongSwan 4.2.17] 003 "home" #1: received Vendor ID payload [XAUTH] 003 "home" #1: received Vendor ID payload [Dead Peer Detection] 106 "home" #1: STATE_MAIN_I2: sent MI2, expecting MR2 002 "home" #1: we have a cert and are sending it upon request 108 "home" #1: STATE_MAIN_I3: sent MI3, expecting MR3 002 "home" #1: Peer ID is ID_FQDN: '@moon.strongswan.org' 002 "home" #1: crl not found 002 "home" #1: certificate status unknown 002 "home" #1: ISAKMP SA established 004 "home" #1: STATE_MAIN_I4: ISAKMP SA established 002 "home" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1} 112 "home" #2: STATE_QUICK_I1: initiate 002 "home" #2: sent QI2, IPsec SA established {ESP=>0x938735da <0xc4a04d15} 004 "home" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x938735da <0xc4a04d15} TEST carol# ipsec status | grep 'home.*STATE_QUICK_I2.*IPsec SA established' [YES] 000 #2: "home" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 935s; newest IPSEC; eroute owner moon# ipsec status | grep 'rw.*STATE_QUICK_R2.*IPsec SA established' [YES] 000 #2: "rw"[1] 192.168.0.100 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1110s; newest IPSEC; eroute owner carol# ipsec statusall | grep 'ESP algorithm newest: AES_256-AES_XCBC_MAC' [YES] 000 "home": ESP algorithm newest: AES_256-AES_XCBC_MAC; pfsgroup= moon# ipsec statusall | grep 'ESP algorithm newest: AES_256-AES_XCBC_MAC' [YES] 000 "rw"[1]: ESP algorithm newest: AES_256-AES_XCBC_MAC; pfsgroup= carol# ip xfrm state | grep 'auth xcbc(aes)' [YES] auth xcbc(aes) 0x1f281ca3e11d97ddf9f361ef3bfc371a auth xcbc(aes) 0xf4687024064dbd82ce4eef7b5ab1d904 moon# ip xfrm state | grep 'auth xcbc(aes)' [YES] auth xcbc(aes) 0xf4687024064dbd82ce4eef7b5ab1d904 auth xcbc(aes) 0x1f281ca3e11d97ddf9f361ef3bfc371a carol# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq=1' [YES] 64 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=0.806 ms POST-TEST moon# ipsec stop Stopping strongSwan IPsec... carol# ipsec stop Stopping strongSwan IPsec...