west:~# TESTNAME=dpd-05 west:~# source /testing/pluto/bin/westlocal.sh west:~# iptables -F INPUT west:~# iptables -F OUTPUT west:~# ipsec setup start ipsec_setup: Starting Openswan IPsec VERSION west:~# sleep 5 west:~# ipsec auto --add west-east west:~# ping -q -c 8 -n 192.1.2.23 PING 192.1.2.23 (192.1.2.23): 56 data bytes --- 192.1.2.23 ping statistics --- 8 packets transmitted, 8 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms west:~# ipsec auto --up west-east 112 "west-east" #1: STATE_AGGR_I1: initiate 003 "west-east" #1: received Vendor ID payload [Dead Peer Detection] 004 "west-east" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536} 117 "west-east" #2: STATE_QUICK_I1: initiate 004 "west-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode west:~# echo "Tunnel should be up" Tunnel should be up west:~# ipsec eroute 0 192.1.2.45/32 -> 192.1.2.23/32 => tun0x1001@192.1.2.23 west:~# sleep 15 west:~# echo "Setting up block" Setting up block west:~# iptables -I INPUT -s 192.1.2.23/32 -d 0/0 -j DROP west:~# iptables -I OUTPUT -d 192.1.2.23/32 -s 0/0 -j DROP west:~# sleep 10 west:~# ipsec eroute 0 192.1.2.45/32 -> 192.1.2.23/32 => tun0x1001@192.1.2.23 west:~# sleep 10 west:~# ipsec eroute 0 192.1.2.45/32 -> 192.1.2.23/32 => %trap west:~# sleep 10 west:~# echo "Tunnel should be down on West, not East" Tunnel should be down on West, not East west:~# ipsec eroute 0 192.1.2.45/32 -> 192.1.2.23/32 => %trap west:~# echo "Removing block" Removing block west:~# iptables -D INPUT -s 192.1.2.23/32 -d 0/0 -j DROP west:~# iptables -D OUTPUT -d 192.1.2.23/32 -s 0/0 -j DROP west:~# ping -q -c 8 -n 192.1.2.23 PING 192.1.2.23 (192.1.2.23): 56 data bytes --- 192.1.2.23 ping statistics --- 8 packets transmitted, 7 packets received, 12% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms west:~# echo "Tunnel should be up" Tunnel should be up west:~# ipsec eroute 16 192.1.2.45/32 -> 192.1.2.23/32 => tun0x1003@192.1.2.23 west:~# echo end end west:~#