PRE-TEST

moon# echo 1 > /proc/sys/net/ipv4/ip_forward

moon# rm /etc/ipsec.d/cacerts/strongswanCert.pem

carol# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...

moon# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...

carol# sleep 2

carol# ipsec up alice
002 "alice" #1: initiating Main Mode
104 "alice" #1: STATE_MAIN_I1: initiate
003 "alice" #1: ignoring Vendor ID payload [strongSwan]
003 "alice" #1: received Vendor ID payload [XAUTH]
003 "alice" #1: received Vendor ID payload [Dead Peer Detection]
106 "alice" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "alice" #1: we have a cert and are sending it upon request
108 "alice" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "alice" #1: ignoring informational payload, type INVALID_KEY_INFORMATION
010 "alice" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "alice" #1: byte 2 of ISAKMP Hash Payload must be zero, but is not
003 "alice" #1: malformed payload in packet
003 "alice" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "alice" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "alice" #1: next payload type of ISAKMP Hash Payload has an unknown value: 88
003 "alice" #1: malformed payload in packet
003 "alice" #1: discarding duplicate packet; already STATE_MAIN_I3
031 "alice" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message


TEST

moon# cat /var/log/auth.log | grep 'maximum path length of 7 exceeded' [YES]
Feb 27 23:18:43 moon pluto[19220]: "alice"[1] 192.168.0.100 #1: maximum path length of 7 exceeded

carol# ipsec status | grep 'alice.*STATE_QUICK_I2.*IPsec SA established' [NO]

moon# ipsec status | grep 'alice.*192.168.0.100.*STATE_QUICK_R2.*IPsec SA established' [NO]


POST-TEST

moon# ipsec stop
Stopping strongSwan IPsec...

carol# ipsec stop
Stopping strongSwan IPsec...

moon# rm /etc/ipsec.d/cacerts/*