TCPDUMP

moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &

PRE-TEST

moon# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
 * Caching service dependencies ... [ ok ]
 * Starting firewall ... [ ok ]
moon# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...
carol# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...
carol# sleep 3
carol# ssh -o ConnectTimeout=5 10.1.0.10 hostname
ssh: connect to host 10.1.0.10 port 22: Connection timed out
carol# ping -c 1 10.1.0.1 > /dev/null
ping: sendmsg: Operation not permitted
carol# sleep 2

TEST

carol# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq' [YES]
64 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=1.81 ms

carol# ping -c 1 10.1.0.1 | grep '64 bytes from 10.1.0.1: icmp_seq' [YES]
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.298 ms

carol# ssh 10.1.0.10 hostname | grep 'alice' [YES]
alice

carol# cat /var/log/auth.log | grep 'initiate on demand' [YES]
Feb 27 23:39:19 carol pluto[17749]: | initiate on demand from 192.168.0.100:0 to 10.1.0.10:22 proto=6 state: fos_start because: whack
Feb 27 23:39:25 carol pluto[17749]: | initiate on demand from 192.168.0.100:8 to 10.1.0.1:0 proto=1 state: fos_start because: whack

carol# ipsec status | grep 'home.*STATE_QUICK_I2.*IPsec SA established' [YES]
000 #3: "home-icmp" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 868s; newest IPSEC; eroute owner
000 #2: "home-ssh" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 935s; newest IPSEC; eroute owner

moon# ipsec status | grep 'rw.*STATE_QUICK_R2.*IPsec SA established' [YES]
000 #3: "rw-icmp"[1] 192.168.0.100 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1099s; newest IPSEC; eroute owner
000 #2: "rw-ssh"[2] 192.168.0.100 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1096s; newest IPSEC; eroute owner

moon# killall tcpdump

moon# cat /tmp/tcpdump.log | grep 'IP carol.strongswan.org > moon.strongswan.org: ESP' [YES]
23:39:37.737311 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9e98c2bd,seq=0x1), length 132
23:39:37.876263 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9e98c2bd,seq=0x2), length 132
23:39:38.026654 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x1), length 100
23:39:38.027005 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x2), length 100
23:39:38.052351 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x3), length 100
23:39:38.052354 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x4), length 116
23:39:38.053632 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x5), length 884
23:39:38.061133 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x6), length 116
23:39:38.068803 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x7), length 244
23:39:38.080608 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x8), length 116
23:39:38.102477 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x9), length 148
23:39:38.103696 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0xa), length 164
23:39:38.123870 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0xb), length 484
23:39:38.129965 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0xc), length 228
23:39:38.135017 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0xd), length 164
23:39:38.163741 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0xe), length 100
23:39:38.167376 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0xf), length 100
23:39:38.168717 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x10), length 100
23:39:38.168720 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x11), length 132
23:39:38.168723 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x12), length 100
23:39:38.176921 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0x9d26c959,seq=0x13), length 100

moon# cat /tmp/tcpdump.log | grep 'IP moon.strongswan.org > carol.strongswan.org: ESP' [YES]
23:39:37.738852 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xd3ad9e98,seq=0x1), length 132
23:39:37.876371 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xd3ad9e98,seq=0x2), length 132
23:39:38.026885 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x1), length 100
23:39:38.051227 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x2), length 116
23:39:38.053396 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x3), length 100
23:39:38.053746 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x4), length 100
23:39:38.060673 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x5), length 884
23:39:38.065755 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x6), length 244
23:39:38.077513 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x7), length 564
23:39:38.102212 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x8), length 100
23:39:38.102730 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x9), length 100
23:39:38.102848 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0xa), length 148
23:39:38.110462 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0xb), length 164
23:39:38.129068 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0xc), length 132
23:39:38.134655 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0xd), length 148
23:39:38.137084 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0xe), length 180
23:39:38.167125 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0xf), length 148
23:39:38.167437 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x10), length 132
23:39:38.167639 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x11), length 260
23:39:38.171500 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xbfa28c21,seq=0x12), length 100

POST-TEST

moon# ipsec stop
Stopping strongSwan IPsec...
carol# ipsec stop
Stopping strongSwan IPsec...
moon# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
 * Stopping firewall ... [ ok ]