east:~#
 TESTNAME=tpm-accept-01
east:~#
 TESTING=${TESTING-/testing}
east:~#
 mkdir -p /tmp/$TESTNAME
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/cacerts
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/crls
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/certs
east:~#
 mkdir -p /tmp/UML.d/private
east:~#
 cp /etc/ipsec.secrets                    /tmp/$TESTNAME
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.secrets ]; then cat ${TESTING}/pluto/$TESTNAME/east.secrets >>/tmp/$TESTNAME/ipsec.secrets; fi
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.tpm.tcl ]; then cp ${TESTING}/pluto/$TESTNAME/east.tpm.tcl /tmp/$TESTNAME/ipsec.d/tpm.tcl; fi
east:~#
 IPSEC_CONFS=/tmp/$TESTNAME export IPSEC_CONFS
east:~#
 PATH=/usr/local/sbin:$PATH
east:~#
 export PATH
east:~#
 rm -f /var/run/pluto/pluto.pid 
east:~#
 echo "Starting Openswan IPsec pluto"
Starting Openswan IPsec pluto
east:~#
 (cd /tmp && /usr/local/libexec/ipsec/pluto --nofork --secretsfile /tmp/$TESTNAME/ipsec.secrets --ipsecdir /tmp/$TESTNAME/ipsec.d --use-nostack --uniqueids --nhelpers 0 --stderrlog 2>/tmp/pluto.log ) &
[1] 9999
east:~#
 sleep 1
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 adding interface virtual127.0.0.1/lo 127.0.0.1:500
002 adding interface virtual192.9.2.23/eth2 192.9.2.23:500
002 adding interface virtual192.1.2.23/eth1 192.1.2.23:500
002 adding interface virtual192.0.2.254/eth0 192.0.2.254:500
002 loading secrets from "/tmp/tpm-accept-01/ipsec.secrets"
east:~#
 echo "Adding 1DES policy"
Adding 1DES policy
east:~#
 ipsec whack --name west--east-psk-1des --delete
021 no connection named "west--east-psk-1des"
east:~#
 ipsec whack --name west--east-psk-3des --delete
021 no connection named "west--east-psk-3des"
east:~#
 ipsec whack --name west--east-psk-1des --encrypt --tunnel --pfs --dpdaction "hold" --psk --host "192.1.2.45" --nexthop "192.1.2.23" --updown "ipsec _updown" --id "192.1.2.45"  --sendcert "always" --to --host "192.1.2.23" --nexthop "192.1.2.45" --updown "ipsec _updown" --id "192.1.2.23"  --sendcert "always" --ipseclifetime "28800" --rekeymargin "540" --ikealg "des" --impair-die-oninfo --keyingtries "0"    
002 added connection description "west--east-psk-1des"
east:~#
 ipsec whack --name west--east-psk-1des --initiate
002 "west--east-psk-1des": extra debugging enabled for connection: impair-die-oninfo
002 "west--east-psk-1des" #1: extra debugging enabled for connection: none
002 "west--east-psk-1des" #1: initiating Main Mode
104 "west--east-psk-1des" #1: STATE_MAIN_I1: initiate
002 "west--east-psk-1des" #1: extra debugging enabled for connection: impair-die-oninfo
003 "west--east-psk-1des" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN st=0x81a0a10
003 "west--east-psk-1des" #1: received and failed on unknown informational message
037 "west--east-psk-1des" #1: encountered fatal error in state STATE_MAIN_I1
east:~#
 echo "Switching to 3DES policy"
Switching to 3DES policy
east:~#
 ipsec whack --name west--east-psk-1des --delete
002 "west--east-psk-1des": extra debugging enabled for connection: impair-die-oninfo
002 "west--east-psk-1des": deleting connection
east:~#
 ipsec whack --name west--east-psk-3des --delete
021 no connection named "west--east-psk-3des"
east:~#
 ipsec whack --name west--east-psk-3des --encrypt --tunnel --pfs --dpdaction "hold" --psk --host "192.1.2.45" --nexthop "192.1.2.23" --updown "ipsec _updown" --id "192.1.2.45"  --sendcert "always" --to --host "192.1.2.23" --nexthop "192.1.2.45" --updown "ipsec _updown" --id "192.1.2.23"  --sendcert "always" --ipseclifetime "28800" --rekeymargin "540" --ikealg "3des" --keyingtries "0"    
002 added connection description "west--east-psk-3des"
east:~#
 ipsec whack --name west--east-psk-3des --initiate
002 "west--east-psk-3des" #2: initiating Main Mode
104 "west--east-psk-3des" #2: STATE_MAIN_I1: initiate
003 "west--east-psk-3des" #2: received Vendor ID payload [Openswan 
003 "west--east-psk-3des" #2: received Vendor ID payload [Dead Peer Detection]
002 "west--east-psk-3des" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "west--east-psk-3des" #2: STATE_MAIN_I2: sent MI2, expecting MR2
002 "west--east-psk-3des" #2: I did not send a certificate because digital signatures are not being used. (PSK)
002 "west--east-psk-3des" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "west--east-psk-3des" #2: STATE_MAIN_I3: sent MI3, expecting MR3
002 "west--east-psk-3des" #2: Main mode peer ID is ID_IPV4_ADDR: '192.1.2.45'
002 "west--east-psk-3des" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "west--east-psk-3des" #2: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
002 "west--east-psk-3des" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
117 "west--east-psk-3des" #3: STATE_QUICK_I1: initiate
002 "west--east-psk-3des" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "west--east-psk-3des" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
east:~#
 ipsec setup stop


east:~#
east:~#
 cat /tmp/pluto.log
Starting Pluto (Openswan Version 2.5.0cl8 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEQAUNTmsT]Y)
WARNING: 1DES is enabled
Setting NAT-Traversal port-4500 floating to off
   port floating activation criteria nat_t=0/port_float=1
   including NAT-Traversal patch (Version 0.6c) [disabled]
WARNING: open of /dev/hw_random failed: No such file or directory
using /dev/random as source of random entropy
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
no helpers will be started, all cryptographic operations will be done inline
Loading TPM file: '/tmp/tpm-accept-01/ipsec.d/tpm.tcl' 
TPM enabled 
Changing to directory '/tmp/tpm-accept-01/ipsec.d/cacerts'
Could not change to directory '/tmp/tpm-accept-01/ipsec.d/aacerts'
Could not change to directory '/tmp/tpm-accept-01/ipsec.d/ocspcerts'
Changing to directory '/tmp/tpm-accept-01/ipsec.d/crls'
  Warning: empty directory
listening for IKE messages
adding interface virtual127.0.0.1/lo 127.0.0.1:500
adding interface virtual192.9.2.23/eth2 192.9.2.23:500
adding interface virtual192.1.2.23/eth1 192.1.2.23:500
adding interface virtual192.0.2.254/eth0 192.0.2.254:500
loading secrets from "/tmp/tpm-accept-01/ipsec.secrets"
  loaded private key file '/etc/ipsec.d/private/east.pem' (963 bytes)
added connection description "west--east-psk-1des"
"west--east-psk-1des": extra debugging enabled for connection: impair-die-oninfo
"west--east-psk-1des" #1: extra debugging enabled for connection: none
"west--east-psk-1des" #1: initiating Main Mode
md: _POINTER_p_msg_digest
tcl says packet from: 192.1.2.23
"west--east-psk-1des" #1: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
"west--east-psk-1des" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN st=0x81a0a10
"west--east-psk-1des" #1: received and failed on unknown informational message
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest: state 4
"west--east-psk-1des" #1: extra debugging enabled for connection: none
"west--east-psk-1des": extra debugging enabled for connection: impair-die-oninfo
"west--east-psk-1des": deleting connection
added connection description "west--east-psk-3des"
"west--east-psk-3des" #2: initiating Main Mode
md: _POINTER_p_msg_digest
tcl says packet from: 192.1.2.23
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
"west--east-psk-3des" #2: received Vendor ID payload [Openswan (this version) 2.5.0cl8  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
"west--east-psk-3des" #2: received Vendor ID payload [Dead Peer Detection]
changeState _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest: state 4
"west--east-psk-3des" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"west--east-psk-3des" #2: STATE_MAIN_I2: sent MI2, expecting MR2
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest: state 6
md: _POINTER_p_msg_digest
tcl says packet from: 192.1.2.23
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
changeState _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
"west--east-psk-3des" #2: I did not send a certificate because digital signatures are not being used. (PSK)
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest: state 6
"west--east-psk-3des" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"west--east-psk-3des" #2: STATE_MAIN_I3: sent MI3, expecting MR3
md: _POINTER_p_msg_digest
tcl says packet from: 192.1.2.23
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
changeState _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
"west--east-psk-3des" #2: Main mode peer ID is ID_IPV4_ADDR: '192.1.2.45'
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest: state 8
"west--east-psk-3des" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"west--east-psk-3des" #2: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
"west--east-psk-3des" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
md: _POINTER_p_msg_digest
tcl says packet from: 192.1.2.23
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
changeState _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
adjustFailure _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest: state 17
: outspi: 0xOUTSOUTS DATA
: outspi: 0xOUTSOUTS DATA
: outspi: 0xOUTSOUTS DATA
: outspi: 0xOUTSOUTS DATA
"west--east-psk-3des" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"west--east-psk-3des" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
east:~#
 if [ -f /tmp/core ]; then echo CORE FOUND; mv /tmp/core /var/tmp; fi
east:~#

