TCPDUMP

moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &

PRE-TEST

alice# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
venus# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
moon# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
moon# iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source 192.168.0.1:1100-1200
moon# iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source 192.168.0.1:2000-2100
moon# iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT
moon# iptables -A FORWARD -i eth0 -o eth1 -d 10.1.0.0/16 -j ACCEPT
carol# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
carol# sleep 1
alice# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
alice# sleep 1
venus# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
venus# sleep 2

TEST

alice# ipsec statusall | grep 'medsrv.*ESTABLISHED' [YES]
medsrv[2]: ESTABLISHED 5 seconds ago, 10.1.0.10[6cu1UTVw@medsrv.org]...192.168.0.100[carol@strongswan.org]
venus# ipsec statusall | grep 'medsrv.*ESTABLISHED' [YES]
medsrv[1]: ESTABLISHED 3 seconds ago, 10.1.0.20[F1ubAio8@medsrv.org]...192.168.0.100[carol@strongswan.org]
carol# ipsec statusall | grep 'medsrv.*ESTABLISHED.*192.168.0.1.*6cu1UTVw@medsrv.org' [YES]
medsrv[1]: ESTABLISHED 5 seconds ago, 192.168.0.100[carol@strongswan.org]...192.168.0.1[6cu1UTVw@medsrv.org]
carol# ipsec statusall | grep 'medsrv.*ESTABLISHED.*192.168.0.1.*F1ubAio8@medsrv.org' [YES]
medsrv[2]: ESTABLISHED 4 seconds ago, 192.168.0.100[carol@strongswan.org]...192.168.0.1[F1ubAio8@medsrv.org]
alice# cat /var/log/daemon.log | grep 'received ME_CALLBACK' [YES]
Jul 20 17:01:09 alice charon: 03[IKE] received ME_CALLBACK for 'F1ubAio8@medsrv.org'
alice# ipsec statusall | grep 'peer.*ESTABLISHED' [YES]
peer[1]: ESTABLISHED 2 seconds ago, 10.1.0.10[alice@strongswan.org]...10.1.0.20[venus.strongswan.org]
venus# ipsec statusall | grep 'peer.*ESTABLISHED' [YES]
peer[2]: ESTABLISHED 3 seconds ago, 10.1.0.20[venus.strongswan.org]...10.1.0.10[alice@strongswan.org]
alice# ipsec statusall | grep 'peer.*INSTALLED' [YES]
peer{1}: INSTALLED, TUNNEL, ESP SPIs: ca6054d3_i c01e4d30_o
venus# ipsec statusall | grep 'peer.*INSTALLED' [YES]
peer{1}: INSTALLED, TUNNEL, ESP SPIs: c01e4d30_i ca6054d3_o
alice# ping -c 1 10.1.0.20 | grep '64 bytes from 10.1.0.20: icmp_seq=1' [YES]
64 bytes from 10.1.0.20: icmp_seq=1 ttl=64 time=0.503 ms
venus# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq=1' [YES]
64 bytes from 10.1.0.10: icmp_seq=1 ttl=64 time=0.430 ms

POST-TEST

venus# ipsec stop
Stopping strongSwan IPsec...
alice# ipsec stop
Stopping strongSwan IPsec...
carol# ipsec stop
Stopping strongSwan IPsec...
alice# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
moon# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
venus# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
moon# conntrack -F
moon# killall tcpdump