Starting UML PATH/start.sh
spawn PATH single
Linux version XXXX
On node 0 totalpages: 8192
Kernel command line:
Calibrating delay loop... XXXX bogomips
Dentry-cache hash table entries: NUMBERS
Inode-cache hash table entries: NUMBERS
Mount-cache hash table entries: NUMBERS
Buffer-cache hash table entries: NUMBERS
Page-cache hash table entries: NUMEBRS
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Diskquotas version dquot_6.4.0 initialized
devfs: VERSION Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options Q
pty: 256 Unix98 ptys configured
SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
loop: loaded (max 8 devices)
PPP generic driver version VERSION
Universal TUN/TAP device driver VERSION

NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
IPv4 over IPv4 tunneling driver
GRE over IPv4 tunneling driver
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Mounted devfs on /dev
INIT: version 2.78 booting
Activating swap...
Calculating module dependancies
done.
Loading modules: LIST

Checking all file systems...
Parallelizing fsck version 1.18 (11-Nov-1999)
Setting kernel variables.
Mounting local filesystems...
/dev/shm on /tmp type tmpfs (rw)
/dev/shm on /var/run type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0622)
none on /usr/share type hostfs (ro)
Enabling packet forwarding: done.
Configuring network interfaces: done.
Cleaning: /tmp /var/lock /var/run.
Initializing random number generator... done.
Recovering nvi editor sessions... done.
Give root password for maintenance
(or type Control-D for normal startup): 
east:~#
 klogd -c 4 -x -f /tmp/klog.log
east:~#
 set +o emacs
east:~#
 ICP=/testing/scripts/ipsec.conf.pairs
east:~#
 export PATH="$ICP/bin:$PATH"
east:~#
 cd $ICP
east:/testing/scripts/ipsec.conf.pairs# ipsec setup start
ipsec_setup: Starting FreeS/WAN IPsec VERSION
east:/testing/scripts/ipsec.conf.pairs# cat /var/run/pluto/ipsec.info
defaultroutephys=eth1
defaultroutevirt=ipsec0
defaultrouteaddr=192.1.2.23
defaultroutenexthop=192.1.2.254
east:/testing/scripts/ipsec.conf.pairs# ( cd ignat ; drill ; differ+ ; cd .. ; )
++ ipsec setup --config v2 --showonly start
++ ipsec setup --config v2 --showonly stop
++ ipsec _confread --config v2 --search auto route
++ auto v2 ignore ignore -
++ ipsec _confread --config v2 --varprefix YYZ --search auto ignore
++ . /tmp/list.ignore.v2
+++ YYZ_confreadnames=OEself
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' X- '!=' X- -a -z '' -a -n OEself ']'
++ auto v2 manual manual -
++ ipsec _confread --config v2 --varprefix YYZ --search auto manual
++ . /tmp/list.manual.v2
+++ YYZ_confreadnames=
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' X- '!=' X- -a -z '' -a -n '' ']'
++ auto v2 add 'add route start' add
++ ipsec _confread --config v2 --varprefix YYZ --search auto add route start
++ . /tmp/list.add.v2
+++ YYZ_confreadnames=packetdefault mms singtel1 block amethon elogic mms1 singtel clear-or-private clear Sasme lateral private-or-clear wap private
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' Xadd '!=' X- -a -z '' -a -n 'packetdefault mms singtel1 block amethon elogic mms1 singtel clear-or-private clear Sasme lateral private-or-clear wap private' ']'
++ ipsec auto --showonly --config v2 --add packetdefault
++ ipsec auto --showonly --config v2 --add mms
++ ipsec auto --showonly --config v2 --add singtel1
++ ipsec auto --showonly --config v2 --add block
++ ipsec auto --showonly --config v2 --add amethon
++ ipsec auto --showonly --config v2 --add elogic
++ ipsec auto --showonly --config v2 --add mms1
++ ipsec auto --showonly --config v2 --add singtel
++ ipsec auto --showonly --config v2 --add clear-or-private
++ ipsec auto --showonly --config v2 --add clear
++ ipsec auto --showonly --config v2 --add Sasme
++ ipsec auto --showonly --config v2 --add lateral
++ ipsec auto --showonly --config v2 --add private-or-clear
++ ipsec auto --showonly --config v2 --add wap
++ ipsec auto --showonly --config v2 --add private
++ auto v2 route 'route start' route
++ ipsec _confread --config v2 --varprefix YYZ --search auto route start
++ . /tmp/list.route.v2
+++ YYZ_confreadnames=packetdefault mms block amethon elogic mms1 clear-or-private clear private-or-clear wap private
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' Xroute '!=' X- -a -z '' -a -n 'packetdefault mms block amethon elogic mms1 clear-or-private clear private-or-clear wap private' ']'
++ ipsec auto --showonly --config v2 --route packetdefault
++ ipsec auto --showonly --config v2 --route mms
++ ipsec auto --showonly --config v2 --route block
++ ipsec auto --showonly --config v2 --route amethon
++ ipsec auto --showonly --config v2 --route elogic
++ ipsec auto --showonly --config v2 --route mms1
++ ipsec auto --showonly --config v2 --route clear-or-private
++ ipsec auto --showonly --config v2 --route clear
++ ipsec auto --showonly --config v2 --route private-or-clear
++ ipsec auto --showonly --config v2 --route wap
++ ipsec auto --showonly --config v2 --route private
++ auto v2 start start up
++ ipsec _confread --config v2 --varprefix YYZ --search auto start
++ . /tmp/list.start.v2
+++ YYZ_confreadnames=mms amethon elogic mms1 wap
+++ export YYZ_confreadnames
+++ YYZ_confreadstatus=
+++ export YYZ_confreadstatus
++ '[' Xup '!=' X- -a -z '' -a -n 'mms amethon elogic mms1 wap' ']'
++ ipsec auto --showonly --config v2 --up mms
++ ipsec auto --showonly --config v2 --up amethon
++ ipsec auto --showonly --config v2 --up elogic
++ ipsec auto --showonly --config v2 --up mms1
++ ipsec auto --showonly --config v2 --up wap
diff -u auto.add.v1 /tmp/auto.add.v2
@@ -1,5 +1,13 @@
 PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
 export PATH
+ipsec whack --name packetdefault --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45" --client "0.0.0.0/0" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunistic"  --nexthop "%direct" --updown "ipsec _updown"   \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
 ipsec whack --label "\"mms\" leftrsasigkey"  --keyid "@203.19.245.83" --pubkeyrsa "0sAQP...." \
 	|| exit $?
 ipsec whack --label "\"mms\" rightrsasigkey"  --keyid "@203.202.188.202" --pubkeyrsa "0sAQ..." \
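Review bot: The `packetdefault` connection added at the top of this hunk covers `--client "0.0.0.0/0"` with `--failpass`, so, if `--failpass` is the pass-through failure shunt it appears to be, traffic whose opportunistic negotiation fails leaves in the clear. The `clear-or-private` and `private-or-clear` hunks add the same flag (only `private` uses `--faildrop`). The setup.start.out hunk further down also shows the v2 `ipsec _startklips` call no longer passing `--default "drop"`, so the v1 drop default seems to have no v2 counterpart in this output. The v2 input config is not shown on this page; if the fail-open default is intended, I would record it next to that conn, e.g. `# packetdefault fails open: cleartext when OE negotiation fails; v1 passed --default "drop"`.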
@@ -20,6 +28,14 @@
 	|| exit $?
 PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
 export PATH
+ipsec whack --name block --reject --pfs  \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%group"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "28800" --rekeymargin "540" \
+	--keyingtries "0"    \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
 ipsec whack --name amethon --encrypt --tunnel --pfs --disablearrivalcheck --psk \
 	--host "203.174.137.190" --client "192.168.5.0/24" --nexthop "%direct" --updown "ipsec _updown" --id "203.174.137.190"  \
 	--to --host "203.202.188.202" --client "10.59.4.16/30" --nexthop "203.202.188.201" --updown "ipsec _updown"   \
@@ -60,6 +76,22 @@
 	|| exit $?
 PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
 export PATH
+ipsec whack --name clear-or-private --encrypt --pass --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name clear --pass --pfs  \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%group"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "28800" --rekeymargin "540" \
+	--keyingtries "0"    \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
 ipsec whack --label "\"Sasme\" leftrsasigkey"  --keyid "@ipsec.ninemsn.com.au" --pubkeyrsa "0sAQP..." \
 	|| exit $?
 ipsec whack --label "\"Sasme\" rightrsasigkey"  --keyid "@203.202.188.202" --pubkeyrsa "0sAQP..." \
@@ -80,6 +112,14 @@
 	|| exit $?
 PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
 export PATH
+ipsec whack --name private-or-clear --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
 ipsec whack --label "\"wap\" leftrsasigkey"  --keyid "@202.139.125.54" --pubkeyrsa "0sAQN..." \
 	|| exit $?
 ipsec whack --label "\"wap\" rightrsasigkey"  --keyid "@203.202.188.202" --pubkeyrsa "0sAQP...." \
@@ -89,4 +129,12 @@
 	--to --host "203.202.188.202" --client "10.59.4.16/30" --nexthop "203.202.188.201" --updown "ipsec _updown" --id "@203.202.188.202"  \
 	--ipseclifetime "28800" --rekeymargin "540" \
 	--keyingtries "0"    \
+	|| exit $?
+PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
+export PATH
+ipsec whack --name private --encrypt --tunnel --faildrop --pfs --ikelifetime "3600" --rsasig \
+	--host "192.1.2.45"  --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \
+	--to --host "%opportunisticgroup"  --nexthop "%direct" --updown "ipsec _updown"  --dnskeyondemand \
+	--ipseclifetime "3600" --rekeymargin "540" \
+	--keyingtries "3"  --dontrekey  \
 	|| exit $?
diff -u auto.route.v1 /tmp/auto.route.v2
@@ -1,5 +1,11 @@
+ipsec whack --name packetdefault --route
 ipsec whack --name mms --route
+ipsec whack --name block --route
 ipsec whack --name amethon --route
 ipsec whack --name elogic --route
 ipsec whack --name mms1 --route
+ipsec whack --name clear-or-private --route
+ipsec whack --name clear --route
+ipsec whack --name private-or-clear --route
 ipsec whack --name wap --route
+ipsec whack --name private --route
diff -u auto.start.v1 /tmp/auto.start.v2
diff -u confread.search.route.v1 /tmp/confread.search.route.v2
@@ -1 +1,7 @@
+=	packetdefault	
+=	block	
+=	clear-or-private	
+=	clear	
+=	private-or-clear	
+=	private	
 !		
diff -u list.add.v1 /tmp/list.add.v2
@@ -1,4 +1,4 @@
-YYZ_confreadnames="mms singtel1 amethon elogic mms1 singtel Sasme lateral wap"
+YYZ_confreadnames="packetdefault mms singtel1 block amethon elogic mms1 singtel clear-or-private clear Sasme lateral private-or-clear wap private"
 export YYZ_confreadnames
 YYZ_confreadstatus=""
 export YYZ_confreadstatus
diff -u list.ignore.v1 /tmp/list.ignore.v2
diff -u list.manual.v1 /tmp/list.manual.v2
diff -u list.route.v1 /tmp/list.route.v2
@@ -1,4 +1,4 @@
-YYZ_confreadnames="mms amethon elogic mms1 wap"
+YYZ_confreadnames="packetdefault mms block amethon elogic mms1 clear-or-private clear private-or-clear wap private"
 export YYZ_confreadnames
 YYZ_confreadstatus=""
 export YYZ_confreadstatus
diff -u list.start.v1 /tmp/list.start.v2
diff -u setup.start.out.v1 /tmp/setup.start.out.v2
@@ -7,8 +7,8 @@
 ipsec_setup: 	 echo $$ > /var/run/pluto/ipsec_setup.pid
 ipsec_setup: 	 test -s /var/run/pluto/ipsec_setup.pid || { echo "...unable to create /var/run/pluto/ipsec_setup.pid, aborting start!" ; rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
 ipsec_setup: 	 > /var/run/pluto/ipsec.info
-ipsec_setup: 	 ipsec _startklips --info /var/run/pluto/ipsec.info --debug "none" --omtu "" --fragicmp "" --hidetos "" --default "drop" --log "daemon.error" %defaultroute || { rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
-ipsec_setup: 	 test -f /proc/net/ipsec_version || { echo "OOPS, should have aborted!  Broken shell!" ; exit 1 ; }
+ipsec_setup: 	 ipsec _startklips --info /var/run/pluto/ipsec.info --debug "none" --omtu "" --fragicmp "" --hidetos "" --log "daemon.error" %defaultroute || { rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
+ipsec_setup: 	 test -f /proc/net/ipsec_version || test -f /proc/net/pfkey || { echo "OOPS, should have aborted!  Broken shell!" ; exit 1 ; }
 ipsec_setup: 	 test -d /var/lock/subsys && touch /var/lock/subsys/ipsec
 ipsec_setup: 	 ipsec _plutorun --debug "none" --uniqueids "yes" --dump "" --wait "no" --pre "" --post "" --log "daemon.error" --pid "/var/run/pluto/pluto.pid" || { ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ; test "X$ifl" != "X" && for i in $ifl ; do ifconfig $i down ; ipsec tncfg --detach --virtual $i ; done ; test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ; ipsec eroute --clear ; ipsec spi --clear ; lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec ; rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; }
 ipsec_setup: 	 echo "...FreeS/WAN IPsec started" | logger -p daemon.error -t ipsec_setup
diff -u setup.stop.out.v1 /tmp/setup.stop.out.v2
east:/testing/scripts/ipsec.conf.pairs# ipsec setup stop
ipsec_setup: Stopping FreeS/WAN IPsec...
IPSEC EVENT: KLIPS device ipsec0 shut down.
east:/testing/scripts/ipsec.conf.pairs# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log
klogd 1.3-3#33.1, log source = /proc/kmsg started.
east:/testing/scripts/ipsec.conf.pairs# halt -p -f
Power down.

