east:~# route delete -net 192.0.1.0 netmask 255.255.255.0 east:~# route delete -net default east:~# route add -net default gw 192.1.2.45 east:~# named east:~# TESTNAME=food-groups-clear-or-oe-01 east:~# source /testing/pluto/bin/eastlocal.sh east:~# echo end eastinit.sh end eastinit.sh east:~# dig 23.2.1.192.in-addr.arpa. txt ; <<>> DiG VERSION<<>> 23.2.1.192.in-addr.arpa. txt ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;23.2.1.192.in-addr.arpa. IN TXT ;; ANSWER SECTION: 23.2.1.192.in-addr.arpa. 604800 IN TXT "X-IPsec-Server(10)=192.1.2.23" " AQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwX" "IKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL" ;; Query time: 25 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: DATE ;; MSG SIZE rcvd: SIZE east:~# /testing/pluto/bin/look-for-txt 23.2.1.192.in-addr.arpa. AQN3cn11F LOOK-FOR-TXT FOUND AQN3cn11F east:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION east:~# /testing/pluto/basic-pluto-01/eroutewait.sh trap east:~# ipsec auto --add clear-or-private east:~# ipsec whack --listen 002 listening for IKE messages 002 forgetting secrets 002 loading secrets from "/tmp/food-groups-clear-or-oe-01/ipsec.secrets" 002 loading group "/tmp/food-groups-clear-or-oe-01/ipsec.d/policies/clear-or-private" east:~# ipsec auto --route clear-or-private east:~# ipsec whack --debug-oppo --debug-control east:~# ipsec look east NOW 0.0.0.0/0 -> 0.0.0.0/0 => %trap 192.1.2.23/32 -> 192.0.1.0/24 => %pass ipsec0->eth1 mtu=16260(9999)->1500 ROUTING TABLE 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 192.1.2.0/24 dev ipsec0 proto kernel scope link src 192.1.2.23 192.0.1.0/24 via 192.1.2.45 dev ipsec0 0.0.0.0/1 via 192.1.2.45 dev ipsec0 128.0.0.0/1 via 192.1.2.45 dev ipsec0 default via 192.1.2.45 dev eth1 east:~# ping -c 1 -n 192.0.1.1 PING 192.0.1.1 (192.0.1.1): 56 data bytes 64 bytes from 192.0.1.1: icmp_seq=0 ttl=257 time=999 ms --- 192.0.1.1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms east:~# sleep 5 east:~# ping -c 8 -n 192.0.1.1 PING 192.0.1.1 (192.0.1.1): 56 data bytes 64 bytes from 192.0.1.1: icmp_seq=0 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=1 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=2 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=3 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=4 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=5 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=6 ttl=257 time=999 ms 64 bytes from 192.0.1.1: icmp_seq=7 ttl=257 time=999 ms --- 192.0.1.1 ping statistics --- 8 packets transmitted, 8 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms east:~# ipsec look east NOW 0.0.0.0/0 -> 0.0.0.0/0 => %trap 192.1.2.23/32 -> 192.0.1.0/24 => %pass ipsec0->eth1 mtu=16260(9999)->1500 ROUTING TABLE 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 192.1.2.0/24 dev ipsec0 proto kernel scope link src 192.1.2.23 192.0.1.0/24 via 192.1.2.45 dev ipsec0 0.0.0.0/1 via 192.1.2.45 dev ipsec0 128.0.0.0/1 via 192.1.2.45 dev ipsec0 default via 192.1.2.45 dev eth1 east:~# echo end eastrun.sh end eastrun.sh east:~# east:~# ipsec setup stop IPSEC EVENT: KLIPS device ipsec0 shut down. ipsec_setup: Stopping Libreswan IPsec... east:~# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log klogd 1.3-3#33.1, log source = /proc/kmsg started. east:~# halt -p -f Power down.