PRE-TEST

moon# rm /etc/ipsec.d/cacerts/*

carol# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...

moon# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...

carol# sleep 2

carol# ipsec up home
002 "home" #1: initiating Main Mode
104 "home" #1: STATE_MAIN_I1: initiate
010 "home" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "home" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "home" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message


TEST

carol# ipsec status | grep 'home.*STATE_QUICK_I2.*IPsec SA established' [NO]

moon# cat /var/log/auth.log | grep 'peer requests RSASIG authentication' [YES]
Jul 20 15:21:57 moon pluto[22568]: | preparse_isakmp_policy: peer requests RSASIG authentication
Jul 20 15:22:07 moon pluto[22568]: | preparse_isakmp_policy: peer requests RSASIG authentication
Jul 20 15:22:27 moon pluto[22568]: | preparse_isakmp_policy: peer requests RSASIG authentication

moon# cat /var/log/auth.log | grep 'but no connection has been authorized with policy=RSASIG' [YES]
Jul 20 15:21:57 moon pluto[22568]: packet from 192.168.0.100:500: initial Main Mode message received on 192.168.0.1:500 but no connection has been authorized with policy=RSASIG
Jul 20 15:22:07 moon pluto[22568]: packet from 192.168.0.100:500: initial Main Mode message received on 192.168.0.1:500 but no connection has been authorized with policy=RSASIG
Jul 20 15:22:27 moon pluto[22568]: packet from 192.168.0.100:500: initial Main Mode message received on 192.168.0.1:500 but no connection has been authorized with policy=RSASIG

moon# ipsec status | grep '*192.168.0.100 STATE_QUICK_R2.*IPsec SA established' [NO]


POST-TEST

moon# ipsec stop
Stopping strongSwan IPsec...

carol# ipsec stop
Stopping strongSwan IPsec...