east:~#
 TESTNAME=tpm-accept-05
east:~#
 TESTING=${TESTING-/testing}
east:~#
 mkdir -p /tmp/$TESTNAME
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/cacerts
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/crls
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/certs
east:~#
 mkdir -p /tmp/UML.d/private
east:~#
 cp /etc/ipsec.secrets                    /tmp/$TESTNAME
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.secrets ]; then cat ${TESTING}/pluto/$TESTNAME/east.secrets >>/tmp/$TESTNAME/ipsec.secrets; fi
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.tpm.tcl ]; then cp ${TESTING}/pluto/$TESTNAME/east.tpm.tcl /tmp/$TESTNAME/ipsec.d/tpm.tcl; fi
east:~#
 IPSEC_CONFS=/tmp/$TESTNAME export IPSEC_CONFS
east:~#
 PATH=/usr/local/sbin:$PATH
east:~#
 export PATH
east:~#
 rm -f /var/run/pluto/pluto.pid 
east:~#
 echo "Starting Openswan IPsec pluto"
Starting Openswan IPsec pluto
east:~#
 (cd /tmp && /usr/local/libexec/ipsec/pluto --nofork --secretsfile /tmp/$TESTNAME/ipsec.secrets --ipsecdir /tmp/$TESTNAME/ipsec.d --use-nostack --uniqueids --nhelpers 0 --stderrlog 2>/tmp/pluto.log ) &
[1] 9999
east:~#
sleep 1
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 adding interface virtual127.0.0.1/lo 127.0.0.1:500
002 adding interface virtual192.9.2.23/eth2 192.9.2.23:500
002 adding interface virtual192.1.2.23/eth1 192.1.2.23:500
002 adding interface virtual192.0.2.254/eth0 192.0.2.254:500
002 loading secrets from "/tmp/tpm-accept-05/ipsec.secrets"
east:~#
 echo "Adding basic policy"
Adding basic policy
east:~#
 ipsec whack --name west--east-psk --encrypt --tunnel --pfs --dpdaction "hold" --psk --host "192.1.2.45" --nexthop "192.1.2.23" --updown "ipsec _updown" --id "192.1.2.45"  --sendcert "always" --to --host "192.1.2.23" --nexthop "192.1.2.45" --updown "ipsec _updown" --id "192.1.2.23"  --sendcert "always" --ipseclifetime "28800" --rekeymargin "540" --ikealg "3des-sha1-modp1024" --debug-control --keyingtries "2" --dontrekey   
002 added connection description "west--east-psk"
east:~#
 echo "Wait for west to initiate"
Wait for west to initiate
east:~#
 echo "Stage 05b"
Stage 05b
east:~#
 ipsec whack --name west--east-psk --initiate
002 "west--east-psk" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+UP
117 "west--east-psk" #3: STATE_QUICK_I1: initiate
002 "west--east-psk" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "west--east-psk" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
east:~#
 

east:~#
east:~#
 cat /tmp/pluto.log
Starting Pluto (Openswan Version 2.5.0cl8 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEQAUNTmsT]Y)
WARNING: 1DES is enabled
Setting NAT-Traversal port-4500 floating to off
   port floating activation criteria nat_t=0/port_float=1
   including NAT-Traversal patch (Version 0.6c) [disabled]
WARNING: open of /dev/hw_random failed: No such file or directory
using /dev/random as source of random entropy
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
no helpers will be started, all cryptographic operations will be done inline
Loading TPM file: '/tmp/tpm-accept-05/ipsec.d/tpm.tcl' 
TPM enabled 
Changing to directory '/tmp/tpm-accept-05/ipsec.d/cacerts'
Could not change to directory '/tmp/tpm-accept-05/ipsec.d/aacerts'
Could not change to directory '/tmp/tpm-accept-05/ipsec.d/ocspcerts'
Changing to directory '/tmp/tpm-accept-05/ipsec.d/crls'
  Warning: empty directory
listening for IKE messages
adding interface virtual127.0.0.1/lo 127.0.0.1:500
adding interface virtual192.9.2.23/eth2 192.9.2.23:500
adding interface virtual192.1.2.23/eth1 192.1.2.23:500
adding interface virtual192.0.2.254/eth0 192.0.2.254:500
loading secrets from "/tmp/tpm-accept-05/ipsec.secrets"
  loaded private key file '/etc/ipsec.d/private/east.pem' (963 bytes)
added connection description "west--east-psk"
packet from 192.1.2.45:500: received Vendor ID payload [Openswan (this version) 2.5.0cl8  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
packet from 192.1.2.45:500: received Vendor ID payload [Dead Peer Detection]
"west--east-psk" #1: responding to Main Mode
"west--east-psk" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Adjusting IKE timeout to large number. 3600 -> 900
Adjusting IPsec timeout to large number. 0 -> 900
"west--east-psk" #1: STATE_MAIN_R1: sent MR1, expecting MI2
"west--east-psk" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Adjusting IPsec timeout to large number. 900 -> 900
"west--east-psk" #1: STATE_MAIN_R2: sent MR2, expecting MI3
"west--east-psk" #1: Main mode peer ID is ID_IPV4_ADDR: '192.1.2.45'
"west--east-psk" #1: I did not send a certificate because digital signatures are not being used. (PSK)
"west--east-psk" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Adjusting IKE timeout to large number. 900 -> 900
Adjusting IPsec timeout to large number. 900 -> 900
"west--east-psk" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
"west--east-psk" #2: responding to Quick Mode 
"west--east-psk" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Adjusting IKE timeout to large number. 900 -> 900
Adjusting IPsec timeout to large number. 28800 -> 900
"west--east-psk" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
"west--east-psk" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Adjusting IKE timeout to large number. 900 -> 900
"west--east-psk" #2: STATE_QUICK_R2: IPsec SA established
"west--east-psk" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+UP
"west--east-psk" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Adjusting IKE timeout to large number. 900 -> 900
"west--east-psk" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
east:~#
 if [ -f /tmp/core ]; then echo CORE FOUND; mv /tmp/core /var/tmp; fi
east:~#

