TCPDUMP
moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &

PRE-TEST
moon# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
moon# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
carol# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
carol# sleep 1
carol# ssh -o ConnectTimeout=5 10.1.0.10 hostname
ssh: connect to host 10.1.0.10 port 22: Connection timed out
carol# ping -c 1 10.1.0.10 > /dev/null
ping: sendmsg: Operation not permitted
carol# sleep 2

TEST
carol# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq' [YES]
64 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=0.773 ms
carol# ping -c 1 10.1.0.1 | grep '64 bytes from 10.1.0.1: icmp_seq' [YES]
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.508 ms
carol# ssh 10.1.0.10 hostname | grep 'alice' [YES]
alice
carol# cat /var/log/auth.log | grep 'initiate on demand' [YES]
Jul 20 15:14:50 carol pluto[14862]: | initiate on demand from 192.168.0.100:8 to 10.1.0.10:0 proto=1 state: fos_start because: whack
Jul 20 15:15:24 carol pluto[14862]: | initiate on demand from 192.168.0.100:55770 to 10.1.0.10:22 proto=6 state: fos_start because: whack
carol# ipsec status | grep 'home.*STATE_QUICK_I2.*IPsec SA established' [YES]
000 #2: "home-icmp" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 808s; newest IPSEC; eroute owner
000 #3: "home-ssh" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 895s; newest IPSEC; eroute owner
moon# ipsec status | grep 'rw.*STATE_QUICK_R2.*IPsec SA established' [YES]
000 #2: "rw-icmp"[1] 192.168.0.100 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1054s; newest IPSEC; eroute owner
000 #3: "rw-ssh"[2] 192.168.0.100 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1087s; newest IPSEC; eroute owner
moon# killall tcpdump
moon# cat /tmp/tcpdump.log | grep 'IP carol.strongswan.org > moon.strongswan.org: ESP' [YES]
15:15:02.706951 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x1fc91722,seq=0x1), length 132
15:15:03.029411 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x1fc91722,seq=0x2), length 132
15:15:48.229779 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x1), length 100
15:15:48.230490 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x2), length 100
15:15:48.297241 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x3), length 100
15:15:48.300108 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x4), length 116
15:15:48.302562 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x5), length 884
15:15:48.323255 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x6), length 116
15:15:48.354591 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x7), length 244
15:15:48.383240 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x8), length 116
15:15:48.383959 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x9), length 148
15:15:48.385344 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0xa), length 164
15:15:48.404194 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0xb), length 484
15:15:48.417014 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0xc), length 228
15:15:48.431310 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0xd), length 164
15:15:48.499172 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0xe), length 100
15:15:48.500287 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0xf), length 132
15:15:48.500645 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x10), length 100
15:15:48.508447 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x11), length 100
moon# cat /tmp/tcpdump.log | grep 'IP moon.strongswan.org > carol.strongswan.org: ESP' [YES]
15:15:02.707390 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0x4d4435ef,seq=0x1), length 132
15:15:03.029578 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0x4d4435ef,seq=0x2), length 132
15:15:48.230247 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x1), length 100
15:15:48.296879 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x2), length 116
15:15:48.302060 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x3), length 100
15:15:48.302974 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x4), length 100
15:15:48.322295 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x5), length 884
15:15:48.346614 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x6), length 244
15:15:48.369156 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x7), length 100
15:15:48.374377 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x8), length 564
15:15:48.383712 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x9), length 100
15:15:48.384392 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0xa), length 100
15:15:48.384780 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0xb), length 148
15:15:48.391561 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0xc), length 164
15:15:48.414901 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0xd), length 132
15:15:48.430651 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0xe), length 148
15:15:48.498051 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0xf), length 308
15:15:48.498503 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x10), length 148
15:15:48.498861 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x11), length 164
15:15:48.508244 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbe863707,seq=0x12), length 100

POST-TEST
moon# ipsec stop
Stopping strongSwan IPsec...
carol# ipsec stop
Stopping strongSwan IPsec...
moon# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
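The two grep checks above only confirm that ESP frames exist in each direction. What a reviewer of such a run actually wants to know is that each direction carried exactly the two SPIs the two-SA setup (home-icmp / home-ssh on carol, rw-icmp / rw-ssh on moon) should produce, and that the sequence numbers on each SPI increase strictly, since a repeat or a step backwards would be a replayed or reordered packet that the receiver's anti-replay window would discard. The POSIX shell/awk script below is an added example and is not part of the strongSwan test or its output. It parses tcpdump's default text format as it appears in the capture above (resolved host names, lowercase hex); the sample lines are constructed in that shape, with a deliberately repeated seq=0x2 on SPI 0x16f19a05 so the check has something to find. Note that the capture filter used above (`not port ssh`) also drops any plaintext SSH, so confirming that nothing leaked in the clear needs a separate capture without that filter.

```shell
#!/bin/sh
# Added example (not part of the strongSwan test output): post-process a tcpdump
# text log such as /tmp/tcpdump.log above. Assumes tcpdump's default output
# format with resolved host names and lowercase hex, as in the capture shown.

# Constructed sample lines in the same shape as the capture above. The last
# line deliberately repeats seq=0x2 on SPI 0x16f19a05 so esp_seq_check trips.
SAMPLE_LOG='15:15:02.706951 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x1fc91722,seq=0x1), length 132
15:15:02.707390 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0x4d4435ef,seq=0x1), length 132
15:15:03.029411 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x1fc91722,seq=0x2), length 132
15:15:48.229779 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x1), length 100
15:15:48.230490 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x2), length 100
15:15:48.231000 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x16f19a05,seq=0x2), length 100'

# esp_spis SRC DST   (log on stdin)
# Prints "SPI packet-count" for every ESP SPI seen from SRC to DST, sorted.
# With one SA per protocol (ICMP and SSH) each direction should show two SPIs.
esp_spis() {
  awk -v src="$1" -v dst="$2" '
    $2 == "IP" && $3 == src && $4 == ">" && $5 == (dst ":") && $6 ~ /^ESP\(spi=/ {
      spi = $6; sub(/^ESP\(spi=/, "", spi); sub(/,.*/, "", spi)
      n[spi]++
    }
    END { for (s in n) print s, n[s] }' | LC_ALL=C sort
}

# esp_seq_check   (log on stdin)
# Verifies that ESP sequence numbers strictly increase per (src, dst, SPI).
# Prints each violation and exits 1 if any was found, 0 otherwise.
esp_seq_check() {
  awk '
    # Portable hex-to-decimal (POSIX awk has no strtonum); lowercase hex only.
    function hex2dec(h,   i, c, v) {
      sub(/^0x/, "", h); v = 0
      for (i = 1; i <= length(h); i++) {
        c = substr(h, i, 1); v = v * 16 + index("0123456789abcdef", c) - 1
      }
      return v
    }
    $2 == "IP" && $6 ~ /^ESP\(spi=/ {
      spi = $6; sub(/^ESP\(spi=/, "", spi); sub(/,.*/, "", spi)
      seq = $6; sub(/.*seq=/, "", seq); sub(/\).*/, "", seq)
      k = $3 " > " $5 " " spi
      s = hex2dec(seq)
      if ((k in last) && s <= last[k]) {
        print "REPLAY/REORDER " k " seq=" seq " after seq=" last[k]
        bad = 1
      }
      last[k] = s
    }
    END { exit bad }'
}

# Usage: sh esp_check.sh /tmp/tcpdump.log
if [ $# -eq 1 ]; then
  echo "carol -> moon:"; esp_spis carol.strongswan.org moon.strongswan.org < "$1"
  echo "moon -> carol:"; esp_spis moon.strongswan.org carol.strongswan.org < "$1"
  esp_seq_check < "$1" && echo "ESP sequence numbers strictly increasing"
fi
```

Run against the real /tmp/tcpdump.log from the test above, the SPI summary should list 0x1fc91722 and 0x16f19a05 for carol to moon and 0x4d4435ef and 0xbe863707 for moon to carol, matching the two SAs per side shown by `ipsec status`.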