east:~# TESTNAME=interop-ikev2-racoon-03-psk-initiator east:~# mkdir /tmp/racoon2 /var/run/racoon2 east:~# chmod 700 /var/run/racoon2 east:~# cp -r /testing/pluto/$TESTNAME/east-racoon/* /tmp/racoon2/ east:~# chmod 700 /tmp/racoon2/psk/test.psk /tmp/racoon2/spmd.pwd east:~# /usr/local/racoon2/etc/init.d/spmd start Starting spmd. east:~# /usr/local/racoon2/etc/init.d/iked start Starting iked2008-04-08 07:20:46 [INFO]: main.c:300:main(): starting iked for racoon2 20071227e 2008-04-08 07:20:46 [INFO]: main.c:303:main(): OPENSSLDIR: "/usr/lib/ssl" 2008-04-08 07:20:46 [INFO]: main.c:314:main(): reading config /tmp/racoon2/racoon2.conf 2008-04-08 07:20:46 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(aes) 2008-04-08 07:20:46 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(3des) 2008-04-08 07:20:46 [INTERNAL_WARN]: ike_conf.c:3769:ike_conf_check_ikev2(): remote (default) ikev2 ipsec_sa_nego_time_limit configuration field support is unimplemented, ignored 2008-04-08 07:20:46 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(aes) 2008-04-08 07:20:46 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(aes) 2008-04-08 07:20:46 [DEBUG]: algorithm.c:499:alg_oakley_encdef(): encryption(3des) 2008-04-08 07:20:46 [INTERNAL_WARN]: ike_conf.c:4218:ike_conf_check_consistency(): configuration errors: 0, warnings: 1 2008-04-08 07:20:46 [DEBUG]: if_spmd.c:354: spmd I/F connection ok: 220 8CD3865EFC8C71B7BA171114DA2C92E818CE4EA2 2008-04-08 07:20:46 [DEBUG]: cfsetup.c:3837: read 16 bytes 2008-04-08 07:20:46 [DEBUG]: if_spmd.c:416: spmd LOGIN ok: 250 OK 2008-04-08 07:20:46 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 5 bind 192.0.2.254[500] 2008-04-08 07:20:46 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 6 bind 192.1.2.23[500] 2008-04-08 07:20:46 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 7 bind 192.9.2.23[500] 2008-04-08 07:20:46 [DEBUG]: isakmp.c:529:isakmp_open_address(): socket 8 bind 127.0.0.1[500] . east:~# sleep 3 east:~# echo done done east:~# ping -c 3 -I 192.0.2.254 192.0.1.254 PING 192.0.1.254 (192.0.1.254): 56 data bytes 64 bytes from 192.0.1.254: icmp_seq=0 ttl=257 time=999 ms 64 bytes from 192.0.1.254: icmp_seq=1 ttl=257 time=999 ms 64 bytes from 192.0.1.254: icmp_seq=2 ttl=257 time=999 ms --- 192.0.1.254 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms east:~# ip xfrm state ================================================================ There should be some ip xfrm state output!!! This is a real bug! ================================================================ east:~# ip xfrm policy src 192.0.1.0/24 dst 192.0.2.0/24 dir in priority 0 tmpl src 192.1.2.23 dst 192.1.2.45 proto esp reqid 0 mode tunnel src 192.0.2.0/24 dst 192.0.1.0/24 dir out priority 0 tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid 0 mode tunnel src 192.0.1.0/24 dst 192.0.2.0/24 dir fwd priority 0 tmpl src 192.1.2.23 dst 192.1.2.45 proto esp reqid 0 mode tunnel src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 east:~# echo done done east:~# east:~# east:~# if [ -f /tmp/core ]; then echo CORE FOUND; mv /tmp/core /var/tmp; fi east:~#