My local certoe-14-poc-del-slash32 sometimes fails vis: --- MASTER/testing/pluto/certoe-14-poc-del-slash32/road.console.txt +++ OUTPUT/testing/pluto/certoe-14-poc-del-slash32/road.console.txt @@ -45,12 +45,11 @@ road # ping -n -c 5 -I 192.1.3.209 192.1.2.23 PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data. -64 bytes from 192.1.2.23: icmp_seq=2 ttl=64 time=0.XXX ms 64 bytes from 192.1.2.23: icmp_seq=3 ttl=64 time=0.XXX ms 64 bytes from 192.1.2.23: icmp_seq=4 ttl=64 time=0.XXX ms 64 bytes from 192.1.2.23: icmp_seq=5 ttl=64 time=0.XXX ms --- 192.1.2.23 ping statistics --- -5 packets transmitted, 4 received, 20% packet loss, time XXXX +5 packets transmitted, 3 received, 40% packet loss, time XXXX rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms road # # wait on OE retransmits and rekeying @@ -60,7 +59,7 @@ # should show established tunnel and no bare shunts road # ipsec whack --trafficstatus -006 #2: "private-or-clear#192.1.2.23/32"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=336, outBytes=336, id='ID_NULL' +006 #2: "private-or-clear#192.1.2.23/32"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=252, outBytes=252, id='ID_NULL' road # ipsec whack --shuntstatus 000 Bare Shunt list:
Given only 4 of 5 pings are expected to work, I'm guessing the intent is for the first ping to trigger OE and then, when things are up, for the remaining pings to get through? With that in mind, what about the below: diff --git a/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh b/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh index aa2211d0fa..d1c351867d 100644 --- a/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh +++ b/testing/pluto/certoe-14-poc-del-slash32/3-road-run.sh @@ -1,10 +1,9 @@ -ping -n -c 5 -I 192.1.3.209 192.1.2.23 -# wait on OE retransmits and rekeying -sleep 5 +# trigger oe? +../../pluto/bin/ping-once.sh --down -I 192.1.3.209 192.1.2.23 +# wait for things to come online; expect 0 +../../pluto/bin/wait-for-whack-trafficstatus.sh 'private-or-clear#192.1.2.23/32' # should show established tunnel and no bare shunts +../../pluto/bin/ping-once.sh --up -I 192.1.3.209 192.1.2.23 ipsec whack --trafficstatus ipsec whack --shuntstatus -# ping should succeed through tunnel -ping -n -c 2 -I 192.1.3.209 192.1.2.23 -ipsec whack --trafficstatus echo "waiting on east to send delete for this IPsec SA"
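Review bot: In the 3-road-run.sh hunk, the added "ping-once.sh --up" line lands between the comment "# should show established tunnel and no bare shunts" and the "ipsec whack --trafficstatus" / "--shuntstatus" calls that the comment describes, so the comment now reads as if it applies to the ping. Move the ping above that comment and give it its own comment, reusing the removed "# ping should succeed through tunnel". The new comments "# trigger oe?" and "expect 0" should also be stated as facts before this is committed: say that the first packet is expected to be dropped while OE negotiates (which is what "--down" asserts) and what the "0" refers to. Because the 5-packet ping and the second "ipsec whack --trafficstatus" are removed, the expected road.console.txt shown in the first diff (ping statistics and the inBytes/outBytes values) will no longer match and needs to be regenerated in the same change.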
