/testing/guestbin/swan-prep
west #
 ../bin/algo-west-pluto.sh
protocol=ah
initiator_stack=klips
responder_stack=klips
version=ikev1
encrypt=3des integ=md5
proto=authenticate algs= md5
check the stack is klips
	protostack=klips
confirm that the network is alive
destination -I 192.0.1.254 192.0.2.254 is alive
ensure that clear text does not get through
down
Redirecting to: [initsystem]
[ 00.00] registered KLIPS /proc/sys/net
[ 00.00] ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=253 name=cbc(twofish) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=252 name=cbc(serpent) keyminbits=128 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=6 name=cbc(cast5) keyminbits=128 keymaxbits=128, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0)
[ 00.00] KLIPS: lookup for ciphername=cipher_null: not found
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=2 name=hmac(md5) ctx_size=NN keyminbits=128 keymaxbits=128, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=3 name=hmac(sha1) ctx_size=NN keyminbits=160 keymaxbits=160, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=5 name=hmac(sha256) ctx_size=NN keyminbits=256 keymaxbits=256, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=6 name=hmac(sha384) ctx_size=NN keyminbits=384 keymaxbits=384, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=7 name=hmac(sha512) ctx_size=NN keyminbits=512 keymaxbits=512, found(0)
[ 00.00] KLIPS cryptoapi interface: alg_type=14 alg_id=252 name=hmac(sha256) ctx_size=NN keyminbits=256 keymaxbits=256, found(0)
[ 00.00] 
testing md5
+
+ authenticate-ikev1-md5
+
+ ipsec whack --name authenticate-ikev1-md5 --ikev1-allow --psk --esp md5 --authenticate --pfs --no-esn --id @west --host 192.1.2.45 --nexthop 192.1.2.23 --client 192.0.1.0/24 --to --id @east --host 192.1.2.23 --nexthop=192.1.2.45 --client 192.0.2.0/24
002 added connection description "authenticate-ikev1-md5"
+
002 "authenticate-ikev1-md5" #1: initiating Main Mode
1v1 "authenticate-ikev1-md5" #1: STATE_MAIN_I1: sent MI1, expecting MR1
1v1 "authenticate-ikev1-md5" #1: STATE_MAIN_I2: sent MI2, expecting MR2
1v1 "authenticate-ikev1-md5" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "authenticate-ikev1-md5" #1: Peer ID is ID_FQDN: '@east'
004 "authenticate-ikev1-md5" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
002 "authenticate-ikev1-md5" #2: initiating Quick Mode PSK+AUTHENTICATE+TUNNEL+PFS+UP+IKEV1_ALLOW+ESN_NO
1v1 "authenticate-ikev1-md5" #2: STATE_QUICK_I1: sent QI1, expecting QR1
004 "authenticate-ikev1-md5" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {AH=>0xAHAH <0xAHAH xfrm=HMAC_MD5_96 NATOA=none NATD=none DPD=passive}
+
sleep 2 # hack around bug in IKEv1 KLIPS AH
+
up
+
002 "authenticate-ikev1-md5": terminating SAs using this connection
002 "authenticate-ikev1-md5" #2: deleting state (STATE_QUICK_I2) and sending notification
005 "authenticate-ikev1-md5" #2: AH traffic information: in=17592186044415MB out=84B
002 "authenticate-ikev1-md5" #1: deleting state (STATE_MAIN_I4) and sending notification
+
west #
 ../../pluto/bin/ipsec-look.sh
west NOW
ipsec0->eth1 mtu=16260(9999)->1500
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

