/testing/guestbin/swan-prep --hostkeys
Creating NSS database containing host keys
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec whack --impair replay_inbound
IMPAIR: recording all inbound messages
IMPAIR: replay all inbound messages old-to-new: no -> yes
east #
 ipsec auto --add westnet-eastnet
"westnet-eastnet": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 ../../guestbin/ipsec-kernel-state.sh
east #
 ../../guestbin/ipsec-kernel-policy.sh
east #
 sed -n -e '/IMPAIR: start processing inbound replay forward/,/IMPAIR: stop processing inbound replay forward/ { /^[^|]/ p }' /tmp/pluto.log | grep -v 'message arrived'
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 1
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: processing IKE_SA_INIT request from 192.1.2.45:UDP/500 containing SA,KE,Ni,N(IKEV2_FRAGMENTATION_SUPPORTED),N(SIGNATURE_HASH_ALGORITHMS),N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP)
"westnet-eastnet" #1: proposal 1:IKE=AES_GCM_16_256-HMAC_SHA2_512-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_GCM_16_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519;DH=MODP4096;DH=MODP3072;DH=MODP2048;DH=MODP8192[first-match] 2:IKE:ENCR=AES_GCM_16_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519;DH=MODP4096;DH=MODP3072;DH=MODP2048;DH=MODP8192 3:IKE:ENCR=CHACHA20_POLY1305;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519;DH=MODP4096;DH=MODP3072;DH=MODP2048;DH=MODP8192 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519;DH=MODP4096;DH=MODP3072;DH=MODP2048;DH=MODP8192 5:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519;DH=MODP4096;DH=MODP3072;DH=MODP2048;DH=MODP8192
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 1
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 1
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: received duplicate IKE_SA_INIT request; retransmitting response
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 1
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 2
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: received IKE_AUTH request fragment 1 (1 of 2), computing DH in the background
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 2
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 1
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: received duplicate IKE_SA_INIT request; retransmitting response
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 1
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 2
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: dropping fragment 1 of 2 as repeat
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 2
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 3
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 3
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 1
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: received old IKE_SA_INIT request; packet dropped
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 1
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 2
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #1: IKE_AUTH request fragment 1 of 2 has duplicate Message ID 1; retransmitting response
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 2
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 3
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 3
packet from 192.1.2.45:500: IMPAIR: start processing inbound replay forward packet 4
"westnet-eastnet" #1: IMPAIR: processing a fake (cloned) message
"westnet-eastnet" #2: ESP traffic information: in=84B out=84B
"westnet-eastnet" #1: deleting IKE SA (established IKE SA)
packet from 192.1.2.45:500: IMPAIR: stop processing inbound replay forward packet 4
east #
 
