upgraded ikev2 scenarios to 5.0.0
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 11 May 2012 09:00:32 +0000 (11:00 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 11 May 2012 09:00:32 +0000 (11:00 +0200)
513 files changed:
testing/tests/ikev2/after-2038-certs/evaltest.dat
testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-3des-md5/evaltest.dat
testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ccm/evaltest.dat
testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ctr/evaltest.dat
testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-gcm/evaltest.dat
testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-blowfish/evaltest.dat
testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha256-96/evaltest.dat
testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha256/evaltest.dat
testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha384/evaltest.dat
testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha512/evaltest.dat
testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/any-interface/evaltest.dat
testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/compress/evaltest.dat
testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/config-payload-swapped/evaltest.dat
testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/config-payload/evaltest.dat
testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/critical-extension/evaltest.dat
testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/crl-from-cache/evaltest.dat
testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/crl-ldap/evaltest.dat
testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/crl-revoked/evaltest.dat
testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/crl-to-cache/evaltest.dat
testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/default-keys/evaltest.dat
testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/dhcp-dynamic/evaltest.dat
testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/dhcp-static-mac/evaltest.dat
testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/double-nat-net/evaltest.dat
testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf
testing/tests/ikev2/double-nat/evaltest.dat
testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf
testing/tests/ikev2/dpd-clear/evaltest.dat
testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/dpd-hold/evaltest.dat
testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/dpd-restart/evaltest.dat
testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/esp-alg-null/evaltest.dat
testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/farp/evaltest.dat
testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/force-udp-encaps/evaltest.dat
testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/host2host-cert/evaltest.dat
testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/host2host-swapped/evaltest.dat
testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/host2host-transport/evaltest.dat
testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/inactivity-timeout/evaltest.dat
testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-pool-db/evaltest.dat
testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-pool-wish/evaltest.dat
testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-pool/evaltest.dat
testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-split-pools-db/evaltest.dat
testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-db/evaltest.dat
testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools/evaltest.dat
testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/mobike-nat/evaltest.dat
testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/mobike/evaltest.dat
testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat
testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat
testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-loop/evaltest.dat
testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat
testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-strict/evaltest.dat
testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca/evaltest.dat
testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/nat-one-rw/description.txt [deleted file]
testing/tests/ikev2/nat-one-rw/evaltest.dat [deleted file]
testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-one-rw/posttest.dat [deleted file]
testing/tests/ikev2/nat-one-rw/pretest.dat [deleted file]
testing/tests/ikev2/nat-one-rw/test.conf [deleted file]
testing/tests/ikev2/nat-portswitch/description.txt [deleted file]
testing/tests/ikev2/nat-portswitch/evaltest.dat [deleted file]
testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem [deleted file]
testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem [deleted file]
testing/tests/ikev2/nat-portswitch/posttest.dat [deleted file]
testing/tests/ikev2/nat-portswitch/pretest.dat [deleted file]
testing/tests/ikev2/nat-portswitch/test.conf [deleted file]
testing/tests/ikev2/nat-rw-mark/description.txt [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/evaltest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown [new file with mode: 0755]
testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/posttest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/pretest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mark/test.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-mixed/description.txt [deleted file]
testing/tests/ikev2/nat-rw-mixed/evaltest.dat [deleted file]
testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem [deleted file]
testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem [deleted file]
testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem [deleted file]
testing/tests/ikev2/nat-rw-mixed/posttest.dat [deleted file]
testing/tests/ikev2/nat-rw-mixed/pretest.dat [deleted file]
testing/tests/ikev2/nat-rw-mixed/test.conf [deleted file]
testing/tests/ikev2/nat-rw-psk/description.txt [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw-psk/test.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw/description.txt [new file with mode: 0644]
testing/tests/ikev2/nat-rw/evaltest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/nat-rw/posttest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw/pretest.dat [new file with mode: 0644]
testing/tests/ikev2/nat-rw/test.conf [new file with mode: 0644]
testing/tests/ikev2/nat-two-rw-mark/description.txt [deleted file]
testing/tests/ikev2/nat-two-rw-mark/evaltest.dat [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw-mark/posttest.dat [deleted file]
testing/tests/ikev2/nat-two-rw-mark/pretest.dat [deleted file]
testing/tests/ikev2/nat-two-rw-mark/test.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/description.txt [deleted file]
testing/tests/ikev2/nat-two-rw-psk/evaltest.dat [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw-psk/posttest.dat [deleted file]
testing/tests/ikev2/nat-two-rw-psk/pretest.dat [deleted file]
testing/tests/ikev2/nat-two-rw-psk/test.conf [deleted file]
testing/tests/ikev2/nat-two-rw/description.txt [deleted file]
testing/tests/ikev2/nat-two-rw/evaltest.dat [deleted file]
testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf [deleted file]
testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf [deleted file]
testing/tests/ikev2/nat-two-rw/posttest.dat [deleted file]
testing/tests/ikev2/nat-two-rw/pretest.dat [deleted file]
testing/tests/ikev2/nat-two-rw/test.conf [deleted file]
testing/tests/ikev2/nat-virtual-ip/evaltest.dat
testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-cert/evaltest.dat
testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
testing/tests/ikev2/net2net-esn/evaltest.dat
testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-psk-fail/description.txt [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/evaltest.dat [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/posttest.dat [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/pretest.dat [new file with mode: 0644]
testing/tests/ikev2/net2net-psk-fail/test.conf [new file with mode: 0644]
testing/tests/ikev2/net2net-psk/evaltest.dat
testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
testing/tests/ikev2/net2net-pubkey/evaltest.dat
testing/tests/ikev2/net2net-rfc3779/evaltest.dat
testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-route/evaltest.dat
testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-rsa/evaltest.dat
testing/tests/ikev2/net2net-same-nets/evaltest.dat
testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-start/evaltest.dat
testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/net2net-start/pretest.dat
testing/tests/ikev2/ocsp-local-cert/evaltest.dat
testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-multi-level/evaltest.dat
testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
testing/tests/ikev2/ocsp-revoked/evaltest.dat
testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-root-cert/evaltest.dat
testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
testing/tests/ikev2/protoport-dual/evaltest.dat
testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/protoport-route/evaltest.dat
testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/reauth-early/evaltest.dat
testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/reauth-late/evaltest.dat
testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-cert/evaltest.dat
testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-hash-and-url/evaltest.dat
testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-mark-in-out/evaltest.dat
testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf
testing/tests/ikev2/rw-pkcs8/evaltest.dat
testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-psk-fqdn/description.txt
testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/rw-psk-ipv4/description.txt
testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-radius-accounting/evaltest.dat
testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-whitelist/evaltest.dat
testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/shunt-policies/evaltest.dat
testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/strong-keys-certs/evaltest.dat
testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/two-certs/evaltest.dat
testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/virtual-ip-override/evaltest.dat
testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/virtual-ip/evaltest.dat
testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/wildcards/evaltest.dat
testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf

index 1bb9c10..3efaa5a 100644 (file)
@@ -1,5 +1,7 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index bcdb864..d0e7ae2 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2745213..00a5220 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 6f598c6..a553ff1 100644 (file)
@@ -1,13 +1,15 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
-carol::ipsec statusall::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*3DES_CBC/HMAC_MD5_96,::YES
-carol::ipsec statusall::home.*3DES_CBC/HMAC_MD5_96,::YES
-moon::ip xfrm state::enc cbc(des3_ede)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
+moon:: ip xfrm state::enc cbc(des3_ede)::YES
 carol::ip xfrm state::enc cbc(des3_ede)::YES
-moon::ip xfrm state::auth hmac(md5)::YES
+moon:: ip xfrm state::auth hmac(md5)::YES
 carol::ip xfrm state::auth hmac(md5)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
index f2c7106..e893344 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index c4fd80f..c218ad4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 0834a8d..e2cf773 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::IKE proposal: AES_CCM_12_128::YES
-carol::ipsec statusall::IKE proposal: AES_CCM_12_128::YES
-moon::ipsec statusall::AES_CCM_12_128,::YES
-carol::ipsec statusall::AES_CCM_12_128,::YES
-moon::ip xfrm state::aead rfc4309(ccm(aes))::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
+moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES
+carol::ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES
+moon:: ip xfrm state::aead rfc4309(ccm(aes))::YES
 carol::ip xfrm state::aead rfc4309(ccm(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
index 6bcfbc2..a5af627 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 1d6f138..74dc017 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 522ce60..177e0ea 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::IKE proposal: AES_CTR_128::YES
-carol::ipsec statusall::IKE proposal: AES_CTR_128::YES
-moon::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES
-carol::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES
-moon::ip xfrm state::rfc3686(ctr(aes))::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
+moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES
+carol::ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES
+moon:: ip xfrm state::rfc3686(ctr(aes))::YES
 carol::ip xfrm state::rfc3686(ctr(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
index 70c4828..97db081 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index bf10374..dbfef04 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 9cd3e8e..39f8b1c 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::IKE proposal: AES_GCM_16_256::YES
-carol::ipsec statusall::IKE proposal: AES_GCM_16_256::YES
-moon::ipsec statusall::AES_GCM_16_256,::YES
-carol::ipsec statusall::AES_GCM_16_256,::YES
-moon::ip xfrm state::aead rfc4106(gcm(aes))::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
+moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES
+carol::ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES
+moon:: ip xfrm state::aead rfc4106(gcm(aes))::YES
 carol::ip xfrm state::aead rfc4106(gcm(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
index e3f19af..f70a558 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 0d51a3e..30c4a7d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 24e36eb..7a98745 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES
-moon::ip xfrm state::auth xcbc(aes)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
+moon:: ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
index 33e6a84..806923e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 208477d..5f55bb7 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index f1b3389..a458f02 100644 (file)
@@ -1,14 +1,15 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
+dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
 carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
-dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
index a787249..2c05914 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
        charondebug="cfg 2"
 
index 26f3f3a..a3c6f1b 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 5183e26..9490dbf 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
        charondebug="cfg 2"
 
index 80df206..0acd6d2 100644 (file)
@@ -1,13 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[4]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
-dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
-moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
+dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
+dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 257923d..947dbe7 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 9b52479..268f298 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2b66e34..78e2787 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 7ec47aa..4bbc82d 100644 (file)
@@ -1,13 +1,15 @@
-moon::cat /var/log/daemon.log::received strongSwan vendor id::YES
-carol::cat /var/log/daemon.log::received strongSwan vendor id::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES
+carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
-moon::ip xfrm state::auth hmac(sha256)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
+moon:: ip xfrm state::auth hmac(sha256)::YES
 carol::ip xfrm state::auth hmac(sha256)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
index 47cf1e1..2353884 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index d340aaf..c1e415d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 2d1cc92..7b5640a 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
-moon::ip xfrm state::auth hmac(sha256)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
+moon:: ip xfrm state::auth hmac(sha256)::YES
 carol::ip xfrm state::auth hmac(sha256)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
index d2b763a..e3c4246 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 0e38bbb..9f8e902 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 31bb64c..21b3d5a 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-moon::ip xfrm state::auth hmac(sha384)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+moon:: ip xfrm state::auth hmac(sha384)::YES
 carol::ip xfrm state::auth hmac(sha384)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
index d38b7df..14fce03 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index ea84cd8..06a887f 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index e0f5fb7..7b94d21 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-moon::ip xfrm state::auth hmac(sha512)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+moon:: ip xfrm state::auth hmac(sha512)::YES
 carol::ip xfrm state::auth hmac(sha512)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
index 583522d..33f619e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 40fec93..f76a426 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index f475ba7..800ae43 100644 (file)
@@ -1,10 +1,17 @@
-moon::cat /var/log/daemon.log::creating acquire job::YES
-bob::cat /var/log/daemon.log::creating acquire job::YES
-moon::ipsec statusall::alice.*INSTALLED, TRANSPORT::YES
-moon::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
-alice::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
-sun::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
-bob::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
+moon:: cat /var/log/daemon.log::creating acquire job::YES
+bob::  cat /var/log/daemon.log::creating acquire job::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*CN=moon.strongswan.org.*CN=alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=moon.strongswan.org.*CN=sun.strongswan.org::YES
+alice::ipsec status 2> /dev/null::remote.*ESTABLISHED.*CN=alice@strongswan.org.*CN=moon.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::remote\[1]: ESTABLISHED.*CN=sun.strongswan.org.*CN=moon.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::remote\[2]: ESTABLISHED.*CN=sun.strongswan.org.*CN=bob@strongswan.org::YES
+bob::  ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=bob@strongswan.org.*CN=sun.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TRANSPORT::YES
+moon:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES
+alice::ipsec status 2> /dev/null::remote.*INSTALLED, TRANSPORT::YES
+sun::  ipsec status 2> /dev/null::remote[{]1}.*INSTALLED, TRANSPORT::YES
+sun::  ipsec status 2> /dev/null::remote[{]2}.*INSTALLED, TRANSPORT::YES
+bob::  ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES
 alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
 alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
index eb7dfe8..e71d347 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 40d029b..c4ded50 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index ab05343..e1880ee 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 71699b0..0bab2ca 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 22dd948..b989a77 100644 (file)
@@ -1,8 +1,10 @@
-moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
-moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
-carol::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::rw.*INSTALLED::YES
-moon::ip xfrm state::proto comp spi::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES
+moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
+moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
+moon:: ip xfrm state::proto comp spi::YES
 carol::ip xfrm state::proto comp spi::YES
 carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
 moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
index 670a50c..2481597 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 91abfd4..4eaffb8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 73d5ea2..3c41a59 100644 (file)
@@ -1,15 +1,19 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*INSTALLED::YES
-moon::ipsec status::rw-dave.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 6894a95..7d8031b 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index cefbc82..f665448 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2226737..1e2dc5c 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 3451112..a429e9b 100644 (file)
@@ -1,17 +1,21 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
 carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ipsec status::home.*INSTALLED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*INSTALLED::YES
-moon::ipsec status::rw-dave.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index cb5f640..57829ad 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown resolve
 }
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index cb5f640..57829ad 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown resolve
 }
index bb558fe..ee2d120 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index f763e3e..1ec24a2 100644 (file)
@@ -1,7 +1,8 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown attr
+
   dns1 = PH_IP_WINNETOU
   dns2 = PH_IP_VENUS
 }
index 8c2f8ec..05c2c2f 100644 (file)
@@ -1,6 +1,8 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO
 moon::cat /var/log/daemon.log::sending end entity cert::YES
 moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-sun::cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES
-sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES
-sun::cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES
-sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES
+sun:: cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES
+sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES
+sun:: cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES
+sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES
index 2e3c9dd..11d2aef 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 19e1971..15ba692 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2f4cf7a..2d649bb 100644 (file)
@@ -1,10 +1,12 @@
-moon::cat /var/log/daemon.log::loaded crl from::YES
-moon::cat /var/log/daemon.log::crl is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec listcrls:: ok::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::loaded crl from::YES
+moon:: cat /var/log/daemon.log::crl is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
+moon:: cat /var/log/daemon.log::using cached crl::YES
+moon:: ipsec listcrls 2> /dev/null:: ok::YES
 carol::cat /var/log/daemon.log::loaded crl from::YES
 carol::cat /var/log/daemon.log::crl is valid::YES
 carol::cat /var/log/daemon.log::certificate status is good::YES
-carol::ipsec listcrls:: ok::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
+carol::cat /var/log/daemon.log::using cached crl::YES
+carol::ipsec listcrls 2> /dev/null:: ok::YES
index 4d47c83..633d921 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
        plutostart=no
index 9488a68..cc5f11d 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
        plutostart=no
index 5ab0944..b0774c6 100644 (file)
@@ -1,12 +1,12 @@
-moon::cat /var/log/daemon.log::loaded crl from::YES
-moon::cat /var/log/daemon.log::crl is stale::YES
-moon::cat /var/log/daemon.log::fetching crl from.*ldap::YES
-moon::cat /var/log/daemon.log::crl is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::loaded crl from::YES
+moon:: cat /var/log/daemon.log::crl is stale::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap::YES
+moon:: cat /var/log/daemon.log::crl is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
 carol::cat /var/log/daemon.log::loaded crl from::YES
 carol::cat /var/log/daemon.log::crl is stale::YES
 carol::cat /var/log/daemon.log::fetching crl from.*ldap::YES
 carol::cat /var/log/daemon.log::crl is valid::YES
 carol::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
index 26d34de..35967d7 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
        plutostart=no
index 1d2a685..6a6b912 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
        plutostart=no
index 62ed867..4f3e10b 100644 (file)
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
+moon:: cat /var/log/daemon.log::certificate was revoked::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-moon::ipsec status::rw.*ESTABLISHED::NO
-carol::ipsec status::home.*ESTABLISHED::NO
index cbab294..9b8a8c2 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index dd50c33..8eff71e 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index afc8f67..fe6a55a 100644 (file)
@@ -1,4 +1,4 @@
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
 carol::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
index 4d47c83..633d921 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
        plutostart=no
index 9488a68..cc5f11d 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
        plutostart=no
index 2c1e11c..1c206ff 100644 (file)
@@ -1,7 +1,9 @@
 carol::cat /var/log/auth.log::scepclient::YES
-moon::cat /var/log/auth.log::scepclient::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-moon::ipsec statusall::carol.*ESTABLISHED::YES
+moon:: cat /var/log/auth.log::scepclient::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES
+moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index 9574f18..7f3df2d 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 5b2c4e3..165dc54 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index b381408..4b0ddac 100644 (file)
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.51/32::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 3868a7a..642a7cd 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8abd241..830094c 100644 (file)
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 3868a7a..642a7cd 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8abd241..830094c 100644 (file)
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 3868a7a..642a7cd 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index aa69dab..2fe67cb 100644 (file)
@@ -1,5 +1,7 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-bob::ipsec statusall::nat-t.*INSTALLED::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES
+bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
 moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
 moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
index c8aa460..2d52634 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index f0c5b6f..57880fa 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 77deea2..0812bae 100644 (file)
@@ -1,5 +1,7 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-bob::ipsec statusall::nat-t.*INSTALLED::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES
+bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
 moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
index 26830f3..310fda6 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index b4a24cb..f1f02b1 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 86c0227..c1a2719 100644 (file)
@@ -1,6 +1,8 @@
-carol::ipsec statusall::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::sleep 180::no output expected::NO
-moon::cat /var/log/daemon.log::sending DPD request::YES
-moon::cat /var/log/daemon.log::retransmit.*of request::YES
-moon::cat /var/log/daemon.log::giving up after 5 retransmits::YES
+moon:: sleep 180::no output expected::NO
+moon:: cat /var/log/daemon.log::sending DPD request::YES
+moon:: cat /var/log/daemon.log::retransmit.*of request::YES
+moon:: cat /var/log/daemon.log::giving up after 5 retransmits::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
index bcdb864..d0e7ae2 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index cdb40d7..ae01a62 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2cf0637..4c035a6 100644 (file)
@@ -1,14 +1,14 @@
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
 carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
 carol::sleep 180::no output expected::NO
 carol::cat /var/log/daemon.log::sending DPD request::YES
 carol::cat /var/log/daemon.log::retransmit.*of request::YES
 carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES
 carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
 carol::ping -c 1 PH_IP_ALICE::trigger route::NO
 carol::sleep 2::no output expected::NO
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
index bfc8ac3..d5cc10d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index cdb40d7..ae01a62 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 28edd48..962bd06 100644 (file)
@@ -1,13 +1,13 @@
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
 carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
 carol::sleep 180::no output expected::NO
 carol::cat /var/log/daemon.log::sending DPD request::YES
 carol::cat /var/log/daemon.log::retransmit.*of request::YES
 carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES
 carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
 carol::sleep 10::no output expected::NO
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
index 631eac9..f1c4669 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index cdb40d7..ae01a62 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 9377d9f..74150fb 100644 (file)
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::NULL_AES_GMAC_256::YES
-carol::ipsec statusall::NULL_AES_GMAC_256::YES
+moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
+carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
 carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
-moon::ip xfrm state::aead rfc4543(gcm(aes))::YES
+moon:: ip xfrm state::aead rfc4543(gcm(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
index f3a266c..44babd9 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index bbdb383..71697b1 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index d65d712..a66edc5 100644 (file)
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES
-carol::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES
-moon::ip xfrm state::auth hmac(md5)::YES
+moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
+carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
+moon:: ip xfrm state::auth hmac(md5)::YES
 carol::ip xfrm state::auth hmac(md5)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
index 0979779..ae5800b 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index ae83aaf..7af2b0d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index bebca1f..937d85e 100644 (file)
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::NULL/HMAC_SHA1_96::YES
-carol::ipsec statusall::NULL/HMAC_SHA1_96::YES
-moon::ip xfrm state::enc ecb(cipher_null)::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ip xfrm state::enc ecb(cipher_null)::YES
 carol::ip xfrm state::enc ecb(cipher_null)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES
index 5640d74..dbf53b5 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 91f4a7c..deb022f 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index b027727..52c27cb 100644 (file)
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES
-carol::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES
-moon::ip xfrm state::auth hmac(sha1)::YES
+moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
+carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
+moon:: ip xfrm state::auth hmac(sha1)::YES
 carol::ip xfrm state::auth hmac(sha1)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES
index 3991d51..d2a4b5e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 8934195..25aa11a 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index d48812f..21b10d1 100644 (file)
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*INSTALLED::YES
-moon::ipsec status::rw-dave.*INSTALLED::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 19dd5d3..457b7a9 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 35f01d4..d7fe707 100644 (file)
@@ -1,6 +1,8 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
 moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES
index 2074646..842b72d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index a2c1686..0592ad3 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8d5d816..53e5589 100644 (file)
@@ -1,5 +1,7 @@
-moon::ipsec statusall::host-host.*ESTABLISHED::YES
-sun::ipsec statusall::host-host.*ESTABLISHED::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index ec9ac5b..37ac6a6 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 484eb99..d47a5c2 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8d5d816..53e5589 100644 (file)
@@ -1,5 +1,7 @@
-moon::ipsec statusall::host-host.*ESTABLISHED::YES
-sun::ipsec statusall::host-host.*ESTABLISHED::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 981c7f0..b20e94e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index e3fc2b7..e3c0f69 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index b3cade4..3021b5e 100644 (file)
@@ -1,8 +1,7 @@
-moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
-moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
-sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
-moon::ip xfrm state::mode transport::YES
-sun::ip xfrm state::mode transport::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 7f6c5a5..7b4ab64 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index af52fb2..c2d251a 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index a897548..dceceae 100644 (file)
@@ -1,8 +1,8 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
 carol::sleep 15::NO
 carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES
-moon::ipsec statusall::rw.*INSTALLED::NO
-carol::ipsec statusall::home.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO
index 5fbb996..89a0be7 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index c3d4173..b2e2c4d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index f9d0cbb..941cb34 100644 (file)
@@ -4,26 +4,30 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
 carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
-dave::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
-dave::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES
-moon::cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
-moon::cat /var/log/daemon.log::assigning virtual IP::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
+dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
 moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES
 moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES
 moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES
 moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
 moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon::ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index b341383..bc0a0ac 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index d02d422..fd15d52 100644 (file)
@@ -1,18 +1,22 @@
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
-moon::cat /var/log/daemon.log::assigning virtual IP::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index c9867c7..81e0202 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 98dd992..86d1f2e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 0b4cded..d6657cd 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index b130d45..50b7f11 100644 (file)
@@ -1,21 +1,25 @@
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES
-moon::cat /var/log/daemon.log::assigning virtual IP::YES
-moon::ipsec leases rw::2/15, 2 online::YES
-moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
+moon:: ipsec leases rw 2> /dev/null::2/15, 2 online::YES
+moon:: ipsec leases rw 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec leases rw 10.3.0.2 2> /dev/null::dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 0b4cded..d6657cd 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8fd47dc..60a537b 100644 (file)
@@ -1,15 +1,19 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
-carol::ipsec status::home.*INSTALLED::YES
-dave::cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES
-dave::ipsec status::home.*INSTALLED::YES
-moon::cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES
-moon::cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES
-moon::cat /var/log/daemon.log::no available address found in pool.*pool0::YES
-moon::cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES
-moon::cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES
-moon::ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES
-moon::ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES
-moon::ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/daemon.log::no available address found in pool.*pool0::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES
+moon:: ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES
+moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES
+moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
index a19f6cf..5aa16a8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1a89f4e..29fd9a4 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index c0f9756..4ef94c7 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index ba2b07a..fd0413d 100644 (file)
@@ -1,29 +1,37 @@
-carol::ipsec status::home.*INSTALLED::YES
-dave::ipsec status::home.*INSTALLED::YES
-alice::ipsec status::home.*INSTALLED::YES
-venus::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::ext.*ESTABLISHED.*dave@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*venus.strongswan.org::YES
-moon::ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES
-moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES
-moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES
+venus::ipsec status 2> /dev/null::home.*ESTABLISHED.*venus.strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int\[3]: ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int\[4]: ESTABLISHED.*moon.strongswan.org.*venus.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext[{]1}.*INSTALLED. TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext[{]2}.*INSTALLED. TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int[{]3}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int[{]4}.*INSTALLED, TUNNEL::YES
+moon:: ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES
+moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES
+moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
 alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
 venus::cat /var/log/daemon.log::installing new virtual IP 10.4.0.2::YES
 carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
-dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
 alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES
 venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES
 alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
 alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
-dave::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
+dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
 alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
 alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
 dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index d925a25..403ed3b 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2b673ec..d84d261 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 22f9b66..a53c911 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index a4c37e1..996f52f 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2dbd84f..2e0c50d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1505de7..05d8493 100644 (file)
@@ -1,12 +1,16 @@
-carol::ipsec status::home.*INSTALLED::YES
-alice::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
-moon::ipsec leases ext::1/15, 1 online::YES
-moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon:: ipsec leases ext 2> /dev/null::1/15, 1 online::YES
+moon:: ipsec leases ext 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
+moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
 alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
 carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
index f5ce168..4a47ce5 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index e647f1e..a600d5e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index d80bb53..1ce2634 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index ac0a3ee..c894edf 100644 (file)
@@ -1,13 +1,17 @@
-carol::ipsec status::home.*INSTALLED::YES
-alice::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
-moon::ipsec leases ext::1/15, 1 online::YES
-moon::ipsec leases int::1/15, 1 online::YES
-moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon:: ipsec leases ext 2> /dev/null::1/15, 1 online::YES
+moon:: ipsec leases int 2> /dev/null::1/15, 1 online::YES
+moon:: ipsec leases ext 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec leases int 10.4.0.1 2> /dev/null::alice@strongswan.org::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
 alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
 carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
index f5ce168..4a47ce5 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index e647f1e..a600d5e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8435479..c13a8c3 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index f2758eb..aded7a0 100644 (file)
@@ -1,14 +1,14 @@
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 alice::/etc/init.d/net.eth1 stop::No output expected::NO
 alice::sleep 1::No output expected::NO
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
 sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
index ed670ef..5e7d48e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index ca4d84e..faf9c86 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 94dea0b..c4c7b0b 100644 (file)
@@ -1,14 +1,14 @@
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 alice::/etc/init.d/net.eth1 stop::No output expected::NO
 alice::sleep 1::No output expected::NO
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
 sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
index ed670ef..5e7d48e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 1c8be1d..b77b148 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 6c49c04..ebf5ad4 100644 (file)
@@ -1,14 +1,14 @@
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall::PH_IP_ALICE1/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE1/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec statusall 2> /dev/null::PH_IP_ALICE1/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE1/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 alice::/etc/init.d/net.eth1 stop::No output expected::NO
 alice::sleep 1::No output expected::NO
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
-alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
+alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
 sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
index 6c87468..1ead52b 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 4806cd9..fa54c3f 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 897db40..4a72b43 100644 (file)
@@ -1,11 +1,11 @@
-moon::cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES
-moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES
+moon:: cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES
+moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES
 carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES
 carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
-moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
-moon::cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES
-moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES
-carol::ipsec statusall::home.*ESTABLISHED.*228060123456001@strongswan.org::YES
+moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
+moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
@@ -15,7 +15,7 @@ dave::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
 moon::cat /var/log/daemon.log::received EAP identity .*228060123456002::YES
 moon::cat /var/log/daemon.log::RADIUS authentication of '228060123456002' failed::YES
 moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 228060123456002@strongswan.org::YES
-moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO
+moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO
 dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
index f8c52be..d77e6c5 100755 (executable)
@@ -9,7 +9,6 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       authby=eap
 
 conn home
        left=PH_IP_DAVE
index 37d23b1..7ec97d8 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index d2453bb..03426ac 100644 (file)
@@ -1,12 +1,12 @@
 carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
-dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
index a8a6d2b..38724c5 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 8647ac8..717debb 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 4c84d18..94c8a87 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 ca strongswan
index 4b827b4..dcd2717 100644 (file)
@@ -1,12 +1,12 @@
 carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
-dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*INSTALLED::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*INSTALLED::YES
+dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
index 9031a94..6a343a0 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 0168be8..54e4075 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 7513858..0d33c23 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 ca strongswan
index 4a1c720..4abcde1 100644 (file)
@@ -1,19 +1,19 @@
-moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-carol::ipsec status::venus.*INSTALLED::NO
-moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
-moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
-moon::cat /var/log/daemon.log::switching to peer config.*venus::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
-dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-dave::ipsec status::alice.*INSTALLED::NO
-moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*moon.strongswan.org.*ESTABLISHED.*dave@strongswan.org::NO
index 39996cf..49ffd40 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index e25636a..c3c7afa 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index 46f1030..6ea3c30 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index 6b77a81..85bbe4a 100644 (file)
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::maximum path length of 7 exceeded::YES
+moon:: cat /var/log/daemon.log::maximum path length of 7 exceeded::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ipsec status::alice.*INSTALLED::NO
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::NO
+carol::ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO
index 5c34528..0b04269 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index 96e4937..083a501 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index 266f0d0..913e8f4 100644 (file)
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES
+moon:: cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ipsec status::home.*INSTALLED::NO
-moon::ipsec status::duck.*INSTALLED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::duck.*INSTALLED::NO
index 64539cc..d303a05 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 528dda3..c5f13f9 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 182f9e0..008ff2c 100644 (file)
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon:: cat /var/log/daemon.log::certificate was revoked::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-moon::ipsec status::alice.*ESTABLISHED::NO
-carol::ipsec status::home.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
index a042da6..aac041e 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index ef1beae..b9ece35 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index a594745..90ee6a7 100644 (file)
@@ -1,6 +1,6 @@
-carol::ipsec status::alice.*INSTALLED::YES
-carol::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::ESTABLISHED.*carol@strongswan.org::YES
-dave::ipsec status::venus.*INSTALLED::YES
-dave::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::ESTABLISHED.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
index 6fcc157..c6f3ca6 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index c4b41aa..f190fe1 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index 9c02993..f5953bd 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
        strictcrlpolicy=yes
        plutostart=no
 
index b081455..e1c5be4 100644 (file)
@@ -1,19 +1,19 @@
-moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES
 carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-carol::ipsec status::venus.*INSTALLED::NO
-moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
-moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
-moon::cat /var/log/daemon.log::switching to peer config.*venus::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
-dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-dave::ipsec status::alice.*INSTALLED::NO
-moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO