/testing/guestbin/swan-prep --x509 --x509name key4096
Preparing X.509 files
road #
 ipsec start
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 iptables -I INPUT -p udp -m length --length 0x5dc:0xffff -j DROP
road #
 ipsec auto --add x509
"x509": added IKEv1 connection
road #
 echo done
done
road #
 ipsec auto --up x509
"x509" #1: initiating IKEv1 Main Mode connection
"x509" #1: sent Main Mode request
"x509" #1: sent Main Mode I2
"x509" #1: I am sending my cert
"x509" #1: I am sending a certificate request
"x509" #1: sent Main Mode I3
"x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
"x509" #1: authenticated peer certificate 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' and 3nnn-bit RSA with SHA1 signature issued by 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
"x509" #1: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"x509" #2: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+IKE_FRAG_FORCE+ESN_NO+ESN_YES
"x509" #2: sent Quick Mode request
"x509" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
road #
 echo done
done
road #
 grep "fragment" /tmp/pluto.log | grep -v delref
| peer supports fragmentation
| sending IKE fragment id '1', number '1'
| sending IKE fragment id '1', number '2'
| sending IKE fragment id '1', number '3'
| sending IKE fragment id '1', number '4'
| sending IKE fragment id '1', number '5' (last)
| sending IKE fragment id '1', number '1'
| sending IKE fragment id '1', number '2'
| sending IKE fragment id '1', number '3'
| sending IKE fragment id '1', number '4'
| sending IKE fragment id '1', number '5' (last)
|    fragment id: 1 (00 01)
|    fragment number: 1 (01)
| received IKE fragment id '1', number '1'
|    fragment id: 1 (00 01)
|    fragment number: 2 (02)
| received IKE fragment id '1', number '2'
|    fragment id: 1 (00 01)
|    fragment number: 3 (03)
| received IKE fragment id '1', number '3'
|    fragment id: 1 (00 01)
|    fragment number: 4 (04)
| received IKE fragment id '1', number '4'
|    fragment id: 1 (00 01)
|    fragment number: 5 (05)
| received IKE fragment id '1', number '5'(last)
|  updated IKE fragment state to respond using fragments without waiting for re-transmits
| sending IKE fragment id '1', number '1'
| sending IKE fragment id '1', number '2' (last)
road #
 
