TCPDUMP
moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &
PRE-TEST
moon# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
moon# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...
carol# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...
carol# sleep 1
carol# ssh -o ConnectTimeout=5 10.1.0.10 hostname
alice
carol# ping -c 1 10.1.0.10 > /dev/null
ping: sendmsg: Operation not permitted
carol# sleep 2
TEST
carol# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq' [YES]
64 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=1.36 ms
carol# ping -c 1 10.1.0.1 | grep '64 bytes from 10.1.0.1: icmp_seq' [YES]
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.496 ms
carol# ssh 10.1.0.10 hostname | grep 'alice' [YES]
alice
carol# cat /var/log/daemon.log | grep 'creating acquire job' [YES]
Feb 28 00:40:47 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32[tcp] === 10.1.0.10/32[tcp/ssh] with reqid {2}
Feb 28 00:40:47 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32[tcp] === 10.1.0.10/32[tcp/ssh] with reqid {2}
Feb 28 00:40:50 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32[icmp/8] === 10.1.0.10/32[icmp] with reqid {1}
Feb 28 00:40:50 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32[icmp/8] === 10.1.0.10/32[icmp] with reqid {1}
carol# ipsec statusall | grep 'home-icmp.*INSTALLED' [YES]
home-icmp{1}: INSTALLED, TUNNEL, ESP SPIs: c775ec3e_i cbd2949b_o
carol# ipsec statusall | grep 'home-ssh.*INSTALLED' [YES]
home-ssh{2}: INSTALLED, TUNNEL, ESP SPIs: c435809b_i ca8836df_o
moon# ipsec statusall | grep 'rw-icmp.*INSTALLED' [YES]
rw-icmp{2}: INSTALLED, TUNNEL, ESP SPIs: cbd2949b_i c775ec3e_o
moon# ipsec statusall | grep 'rw-ssh.*INSTALLED' [YES]
rw-ssh{1}: INSTALLED, TUNNEL, ESP SPIs: ca8836df_i c435809b_o
moon# killall tcpdump
moon# cat /tmp/tcpdump.log | grep 'IP carol.strongswan.org > moon.strongswan.org: ESP' [YES]
00:40:50.699182 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1), length 100
00:40:50.702705 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x2), length 100
00:40:50.728783 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x3), length 100
00:40:50.728786 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x4), length 116
00:40:50.729067 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x5), length 884
00:40:50.738433 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x6), length 116
00:40:50.748988 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x7), length 244
00:40:50.758911 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x8), length 116
00:40:50.769499 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x9), length 148
00:40:50.770237 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0xa), length 164
00:40:50.791677 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0xb), length 484
00:40:50.803414 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0xc), length 228
00:40:50.819928 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0xd), length 164
00:40:50.866049 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0xe), length 100
00:40:50.867173 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0xf), length 100
00:40:50.867385 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x10), length 132
00:40:50.867880 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x11), length 100
00:40:50.870784 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x12), length 100
00:41:03.417016 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcbd2949b,seq=0x1), length 132
00:41:03.571954 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xcbd2949b,seq=0x2), length 132
00:41:03.717531 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x13), length 100
00:41:03.717861 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x14), length 100
00:41:03.744990 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x15), length 100
00:41:03.746809 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x16), length 116
00:41:03.755291 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x17), length 884
00:41:03.773407 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x18), length 116
00:41:03.798875 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x19), length 244
00:41:03.825144 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1a), length 116
00:41:03.846040 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1b), length 148
00:41:03.846578 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1c), length 164
00:41:03.874543 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1d), length 484
00:41:03.879683 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1e), length 228
00:41:03.884201 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x1f), length 164
00:41:03.909267 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x20), length 100
00:41:03.909718 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x21), length 100
00:41:03.910572 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x22), length 100
00:41:03.910794 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x23), length 132
00:41:03.910939 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x24), length 100
00:41:03.914391 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xca8836df,seq=0x25), length 100
moon# cat /tmp/tcpdump.log | grep 'IP moon.strongswan.org > carol.strongswan.org: ESP' [YES]
00:40:50.702311 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1), length 100
00:40:50.727059 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x2), length 116
00:40:50.728952 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x3), length 100
00:40:50.729184 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x4), length 100
00:40:50.737947 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x5), length 884
00:40:50.742254 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x6), length 244
00:40:50.755678 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x7), length 564
00:40:50.769323 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x8), length 100
00:40:50.769739 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x9), length 100
00:40:50.769839 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0xa), length 148
00:40:50.776222 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0xb), length 164
00:40:50.801275 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0xc), length 132
00:40:50.819103 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0xd), length 148
00:40:50.826008 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0xe), length 180
00:40:50.865909 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0xf), length 148
00:40:50.866914 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x10), length 132
00:40:50.866943 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x11), length 260
00:40:50.870588 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x12), length 100
00:41:03.417983 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc775ec3e,seq=0x1), length 132
00:41:03.572031 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc775ec3e,seq=0x2), length 132
00:41:03.717726 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x13), length 100
00:41:03.744573 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x14), length 116
00:41:03.746923 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x15), length 100
00:41:03.754851 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x16), length 884
00:41:03.773128 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x17), length 100
00:41:03.773666 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x18), length 100
00:41:03.790873 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x19), length 244
00:41:03.816219 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1a), length 564
00:41:03.845926 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1b), length 100
00:41:03.846311 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1c), length 100
00:41:03.846344 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1d), length 148
00:41:03.867687 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1e), length 164
00:41:03.878531 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x1f), length 132
00:41:03.883936 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x20), length 148
00:41:03.886346 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x21), length 180
00:41:03.909509 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x22), length 148
00:41:03.910120 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x23), length 132
00:41:03.910193 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x24), length 260
00:41:03.913575 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc435809b,seq=0x25), length 100
POST-TEST
moon# ipsec stop
Stopping strongSwan IPsec...
carol# ipsec stop
Stopping strongSwan IPsec...
moon# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]