TCPDUMP
moon# tcpdump -i eth0 not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &
PRE-TEST
moon# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
carol# /etc/init.d/iptables start 2> /dev/null
* Caching service dependencies ... [ ok ]
* Starting firewall ... [ ok ]
moon# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...
carol# ipsec start
Starting strongSwan 4.3.6 IPsec [starter]...
carol# sleep 1
carol# ssh -o ConnectTimeout=5 10.1.0.10 hostname
alice
carol# ping -c 1 10.1.0.10 > /dev/null
ping: sendmsg: Operation not permitted
carol# sleep 2
TEST
carol# ping -c 1 10.1.0.10 | grep '64 bytes from 10.1.0.10: icmp_seq' [YES]
64 bytes from 10.1.0.10: icmp_seq=1 ttl=63 time=0.430 ms
carol# ping -c 1 10.1.0.1 | grep '64 bytes from 10.1.0.1: icmp_seq' [YES]
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.303 ms
carol# ssh 10.1.0.10 hostname | grep 'alice' [YES]
alice
carol# cat /var/log/daemon.log | grep 'creating acquire job' [YES]
Feb 28 01:18:41 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32 === 192.168.0.1/32 with reqid {2}
Feb 28 01:18:41 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32[tcp] === 10.1.0.10/32[tcp/ssh] with reqid {2}
Feb 28 01:18:44 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32 === 192.168.0.1/32 with reqid {1}
Feb 28 01:18:44 carol charon: 05[KNL] creating acquire job for policy 192.168.0.100/32[icmp/8] === 10.1.0.10/32[icmp] with reqid {1}
carol# ipsec statusall | grep 'home-icmp.*INSTALLED' [YES]
home-icmp{1}: INSTALLED, TUNNEL, ESP SPIs: cc6fd413_i ccdfc261_o
carol# ipsec statusall | grep 'home-ssh.*INSTALLED' [YES]
home-ssh{2}: INSTALLED, TUNNEL, ESP SPIs: c6007152_i c3a095ae_o
moon# ipsec statusall | grep 'rw-icmp.*INSTALLED' [YES]
rw-icmp{2}: INSTALLED, TUNNEL, ESP SPIs: ccdfc261_i cc6fd413_o
moon# ipsec statusall | grep 'rw-ssh.*INSTALLED' [YES]
rw-ssh{1}: INSTALLED, TUNNEL, ESP SPIs:
c3a095ae_i c6007152_o
moon# killall tcpdump
moon# cat /tmp/tcpdump.log | grep 'IP carol.strongswan.org > moon.strongswan.org: ESP' [YES]
01:18:44.614056 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1), length 100
01:18:44.617512 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x2), length 100
01:18:44.658836 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x3), length 100
01:18:44.658839 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x4), length 116
01:18:44.659931 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x5), length 884
01:18:44.667230 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x6), length 116
01:18:44.675914 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x7), length 244
01:18:44.686300 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x8), length 116
01:18:44.701433 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x9), length 148
01:18:44.702384 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0xa), length 164
01:18:44.717579 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0xb), length 484
01:18:44.722129 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0xc), length 228
01:18:44.726902 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0xd), length 164
01:18:44.759730 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0xe), length 100
01:18:44.766673 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0xf), length 100
01:18:44.769160 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x10), length 100
01:18:44.771504 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x11), length 100
01:18:44.771510 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x12), length 132
01:18:44.771516 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x13), length 100
01:18:44.779455 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x14), length 100
01:18:57.315732 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xccdfc261,seq=0x1), length 132
01:18:57.484580 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xccdfc261,seq=0x2), length 132
01:18:57.648305 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x15), length 100
01:18:57.648663 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x16), length 100
01:18:57.674305 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x17), length 100
01:18:57.675519 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x18), length 116
01:18:57.676770 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x19), length 884
01:18:57.684814 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1a), length 116
01:18:57.696718 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1b), length 244
01:18:57.705873 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1c), length 116
01:18:57.716474 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1d), length 148
01:18:57.717114 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1e), length 164
01:18:57.734532 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x1f), length 484
01:18:57.745703 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x20), length 228
01:18:57.760153 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x21), length 164
01:18:57.804120 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x22), length 100
01:18:57.804696 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x23), length 100
01:18:57.806174 IP
carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x24), length 100
01:18:57.806177 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x25), length 132
01:18:57.806180 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x26), length 100
01:18:57.811690 IP carol.strongswan.org > moon.strongswan.org: ESP(spi=0xc3a095ae,seq=0x27), length 100
moon# cat /tmp/tcpdump.log | grep 'IP moon.strongswan.org > carol.strongswan.org: ESP' [YES]
01:18:44.617228 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1), length 100
01:18:44.657186 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x2), length 116
01:18:44.659760 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x3), length 100
01:18:44.660044 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x4), length 100
01:18:44.666502 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x5), length 884
01:18:44.672887 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x6), length 244
01:18:44.682936 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x7), length 564
01:18:44.701178 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x8), length 100
01:18:44.701760 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x9), length 100
01:18:44.701870 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0xa), length 148
01:18:44.708668 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0xb), length 164
01:18:44.721225 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0xc), length 132
01:18:44.726581 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0xd), length 148
01:18:44.729084 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0xe), length 180
01:18:44.766038 IP moon.strongswan.org > carol.strongswan.org:
ESP(spi=0xc6007152,seq=0xf), length 148
01:18:44.768370 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x10), length 132
01:18:44.769255 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x11), length 260
01:18:44.779024 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x12), length 100
01:18:57.315950 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xcc6fd413,seq=0x1), length 132
01:18:57.484656 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xcc6fd413,seq=0x2), length 132
01:18:57.648538 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x13), length 100
01:18:57.674099 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x14), length 116
01:18:57.675621 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x15), length 100
01:18:57.676878 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x16), length 100
01:18:57.683870 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x17), length 884
01:18:57.689749 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x18), length 244
01:18:57.702885 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x19), length 564
01:18:57.716367 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1a), length 100
01:18:57.716664 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1b), length 100
01:18:57.716819 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1c), length 148
01:18:57.720429 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1d), length 164
01:18:57.743353 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1e), length 132
01:18:57.759506 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x1f), length 148
01:18:57.766718 IP moon.strongswan.org > carol.strongswan.org:
ESP(spi=0xc6007152,seq=0x20), length 180
01:18:57.804172 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x21), length 148
01:18:57.804739 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x22), length 132
01:18:57.804766 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x23), length 260
01:18:57.811181 IP moon.strongswan.org > carol.strongswan.org: ESP(spi=0xc6007152,seq=0x24), length 100
POST-TEST
moon# ipsec stop
Stopping strongSwan IPsec...
carol# ipsec stop
Stopping strongSwan IPsec...
moon# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]
carol# /etc/init.d/iptables stop 2> /dev/null
* Stopping firewall ... [ ok ]