north:~# TESTNAME=nat-transport-02 north:~# source /testing/pluto/bin/northlocal.sh north:~# iptables -F INPUT north:~# iptables -F OUTPUT north:~# ping -n -c 4 192.0.2.254 PING 192.0.2.254 (192.0.2.254): 56 data bytes 64 bytes from 192.0.2.254: icmp_seq=0 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=1 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=2 ttl=257 time=999 ms 64 bytes from 192.0.2.254: icmp_seq=3 ttl=257 time=999 ms --- 192.0.2.254 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 3.1/4.5/9.26 ms north:~# iptables -A INPUT -i eth1 -s 192.1.2.23 -p tcp --sport 3 -j REJECT north:~# iptables -A OUTPUT -o eth1 -d 192.1.2.23 -p tcp --dport 3 -j REJECT north:~# ipsec setup start ipsec_setup: Starting Libreswan IPsec VERSION north:~# ipsec auto --add north--east-port3 north:~# ipsec auto --add north--east-pass north:~# ipsec whack --debug-control --debug-controlmore --debug-parsing --debug-crypt north:~# /testing/pluto/bin/wait-until-pluto-started north:~# echo done done north:~# ipsec auto --route north--east-pass north:~# ipsec auto --up north--east-port3 104 "north--east-port3" #1: STATE_MAIN_I1: initiate 003 "north--east-port3" #1: received Vendor ID payload [Libreswan 003 "north--east-port3" #1: received Vendor ID payload [Dead Peer Detection] 003 "north--east-port3" #1: received Vendor ID payload [RFC 3947] method set to=109 106 "north--east-port3" #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "north--east-port3" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): I am behind NAT 108 "north--east-port3" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "north--east-port3" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} 117 "north--east-port3" #2: STATE_QUICK_I1: initiate 004 "north--east-port3" #2: STATE_QUICK_I2: sent QI2, IPsec SA established north:~# telnet east-out 2 | wc -l Connection closed by foreign host. 834 north:~# telnet east-out 3 | wc -l Connection closed by foreign host. 30 north:~# echo done done north:~# north:~# north:~# if [ -f /tmp/core ]; then echo CORE FOUND; mv /tmp/core /var/tmp; fi north:~#