The last change I made was to stop SELinux from Enforcing. This seems important so I added a bit to the wiki.
Also (I'm not sure when in the sequence of things) I uninstalled my old test setup using the testing/libvirt/uninstall.sh. Thanks, Andrew, for the suggestion. For this to work, a couple of definitions needed to be added to Makefile.inc.local (yours would be different): KVM_SOURCEDIR=/home/build/libreswan KVM_TESTINGDIR=$(KVM_SOURCEDIR)/testing I've now run my first test! But it failed. The difference looks intentional. --- ./east.console.txt 2016-05-09 13:38:52.478563674 -0400 +++ OUTPUT/east.console.txt 2016-05-12 00:47:59.763114044 -0400 @@ -106,7 +106,8 @@ 000 "westnet-eastnet": retransmit-interval: 9999ms; retransmit-timeout: 99s; 000 "westnet-eastnet": sha2_truncbug:no; initial_contact:no; cisco_unity:no; fake_strongswan:no; send_vendorid:no; 000 "westnet-eastnet": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; -000 "westnet-eastnet": conn_prio: 24,24; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset; mark: unset; +000 "westnet-eastnet": conn_prio: 24,24; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; +000 "westnet-eastnet": nflog-group: unset; mark: unset; vti-iface: unset; vti-routing: no 000 "westnet-eastnet": dpd: action:hold; delay:0; timeout:0; nat-t: force_encaps:no; nat_keepalive:yes; ikev1_natt:both 000 "westnet-eastnet": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
