TCPDUMP
moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &
PRE-TEST
moon# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
moon# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
carol# ipsec start
Starting strongSwan 4.2.17 IPsec [starter]...
carol# sleep 1
carol# ssh 10.1.0.10 hostname
alice
carol# ping -c 1 10.1.0.10 > /dev/null
ping: sendmsg: Operation not permitted
carol# sleep 2
TEST
carol# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq' [YES]
64 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=1.59 ms
carol# ping -c 1 10.1.0.1 | grep '64 bytes from 10.1.0.1: icmp_seq' [YES]
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.533 ms
carol# ssh 10.1.0.10 hostname | grep 'alice' [YES]
alice
carol# cat /var/log/daemon.log | grep 'creating acquire job' [YES]
Jul 20 17:07:23 carol charon: 04[KNL] creating acquire job for policy 192.168.0.100/32 === 192.168.0.1/32 with reqid {2}
Jul 20 17:07:26 carol charon: 04[KNL] creating acquire job for policy 192.168.0.100/32 === 192.168.0.1/32 with reqid {1}
carol# ipsec statusall | grep 'home-icmp.*INSTALLED' [YES]
home-icmp{1}: INSTALLED, TUNNEL, ESP SPIs: c58b0184_i c505bf36_o
carol# ipsec statusall | grep 'home-ssh.*INSTALLED' [YES]
home-ssh{2}: INSTALLED, TUNNEL, ESP SPIs: c5a4898b_i cf4b02b3_o
moon# ipsec statusall | grep 'rw-icmp.*INSTALLED' [YES]
rw-icmp{2}: INSTALLED, TUNNEL, ESP SPIs: c505bf36_i c58b0184_o
moon# ipsec statusall | grep 'rw-ssh.*INSTALLED' [YES]
rw-ssh{1}: INSTALLED, TUNNEL, ESP SPIs: cf4b02b3_i c5a4898b_o
moon# killall tcpdump
moon# cat /tmp/tcpdump.log | grep 'IP carol.strongswan.org > moon.strongswan.org: ESP' [YES]
17:07:25.752408 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1), length 100
17:07:25.754438 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x2), length 100
17:07:25.820757 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x3), length 100
17:07:25.822335 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x4), length 116
17:07:25.825602 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x5), length 884
17:07:25.844920 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x6), length 116
17:07:25.877070 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x7), length 244
17:07:25.906503 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x8), length 116
17:07:25.907179 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x9), length 148
17:07:25.908725 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0xa), length 164
17:07:25.927127 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0xb), length 484
17:07:25.940806 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0xc), length 228
17:07:25.955188 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0xd), length 164
17:07:26.023091 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0xe), length 100
17:07:26.024642 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0xf), length 132
17:07:26.024945 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x10), length 100
17:07:26.036050 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x11), length 100
17:07:39.044917 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc505bf36,seq=0x1), length 132
17:07:39.390622 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc505bf36,seq=0x2), length 132
17:07:39.740799 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x12), length 100
17:07:39.741449 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x13), length 100
17:07:39.808906 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x14), length 100
17:07:39.810446 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x15), length 116
17:07:39.811730 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x16), length 884
17:07:39.837472 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x17), length 116
17:07:39.874294 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x18), length 244
17:07:39.898376 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x19), length 100
17:07:39.901168 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1a), length 116
17:07:39.901814 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1b), length 148
17:07:39.903053 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1c), length 100
17:07:39.903330 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1d), length 164
17:07:39.921958 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1e), length 484
17:07:39.935394 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x1f), length 228
17:07:39.950440 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x20), length 164
17:07:40.017618 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x21), length 100
17:07:40.019017 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x22), length 132
17:07:40.019460 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x23), length 100
17:07:40.026065 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcf4b02b3,seq=0x24), length 100
moon# cat /tmp/tcpdump.log | grep 'IP moon.strongswan.org > carol.strongswan.org: ESP' [YES]
17:07:25.752831 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1), length 100
17:07:25.820344 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x2), length 116
17:07:25.822581 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x3), length 100
17:07:25.826258 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x4), length 100
17:07:25.843971 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x5), length 884
17:07:25.869078 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x6), length 244
17:07:25.886413 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x7), length 100
17:07:25.895448 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x8), length 564
17:07:25.906946 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x9), length 100
17:07:25.907787 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0xa), length 100
17:07:25.908188 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0xb), length 148
17:07:25.915112 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0xc), length 164
17:07:25.938406 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0xd), length 132
17:07:25.954554 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0xe), length 148
17:07:26.021627 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0xf), length 100
17:07:26.022368 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x10), length 308
17:07:26.022783 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x11), length 148
17:07:26.023180 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x12), length 164
17:07:26.035835 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x13), length 100
17:07:39.046165 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc58b0184,seq=0x1), length 132
17:07:39.390801 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc58b0184,seq=0x2), length 132
17:07:39.741221 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x14), length 100
17:07:39.808591 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x15), length 116
17:07:39.810685 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x16), length 100
17:07:39.811969 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x17), length 100
17:07:39.836414 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x18), length 884
17:07:39.866090 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x19), length 244
17:07:39.882412 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1a), length 100
17:07:39.892331 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1b), length 564
17:07:39.901582 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1c), length 100
17:07:39.902362 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1d), length 100
17:07:39.902759 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1e), length 148
17:07:39.909816 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x1f), length 164
17:07:39.929403 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x20), length 100
17:07:39.933239 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x21), length 132
17:07:39.948531 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x22), length 100
17:07:39.949815 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x23), length 148
17:07:40.016951 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x24), length 308
17:07:40.017052 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x25), length 148
17:07:40.017167 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x26), length 164
17:07:40.025857 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc5a4898b,seq=0x27), length 100
POST-TEST
moon# ipsec stop
Stopping strongSwan IPsec...
carol# ipsec stop
Stopping strongSwan IPsec...
moon# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]