PRE-TEST

moon# rm /etc/ipsec.d/cacerts/*

carol# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...

moon# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...

carol# sleep 2

carol# ipsec up home
002 "home" #1: initiating Main Mode
104 "home" #1: STATE_MAIN_I1: initiate
010 "home" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "home" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
031 "home" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message


TEST

carol# ipsec status | grep 'home.*STATE_QUICK_I2.*IPsec SA established' [NO]

moon# cat /var/log/auth.log | grep 'peer requests PUBKEY authentication' [YES]
Feb 27 23:44:24 moon pluto[26909]: | preparse_isakmp_policy: peer requests PUBKEY authentication
Feb 27 23:44:34 moon pluto[26909]: | preparse_isakmp_policy: peer requests PUBKEY authentication
Feb 27 23:44:54 moon pluto[26909]: | preparse_isakmp_policy: peer requests PUBKEY authentication

moon# cat /var/log/auth.log | grep 'but no connection has been authorized with policy=PUBKEY' [YES]
Feb 27 23:44:24 moon pluto[26909]: packet from 192.168.0.100:500: initial Main Mode message received on 192.168.0.1:500 but no connection has been authorized with policy=PUBKEY
Feb 27 23:44:34 moon pluto[26909]: packet from 192.168.0.100:500: initial Main Mode message received on 192.168.0.1:500 but no connection has been authorized with policy=PUBKEY
Feb 27 23:44:54 moon pluto[26909]: packet from 192.168.0.100:500: initial Main Mode message received on 192.168.0.1:500 but no connection has been authorized with policy=PUBKEY

moon# ipsec status | grep '*192.168.0.100 STATE_QUICK_R2.*IPsec SA established' [NO]


POST-TEST

moon# ipsec stop
Stopping strongSwan IPsec...

carol# ipsec stop
Stopping strongSwan IPsec...