east:~#
 TESTNAME=tpm-accept-07
east:~#
 TESTING=${TESTING-/testing}
east:~#
 mkdir -p /tmp/$TESTNAME
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/cacerts
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/crls
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/certs
east:~#
 mkdir -p /tmp/UML.d/private
east:~#
 cp /etc/ipsec.secrets                    /tmp/$TESTNAME
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.secrets ]; then cat ${TESTING}/pluto/$TESTNAME/east.secrets >>/tmp/$TESTNAME/ipsec.secrets; fi
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.tpm.tcl ]; then cp ${TESTING}/pluto/$TESTNAME/east.tpm.tcl /tmp/$TESTNAME/ipsec.d/tpm.tcl; fi
east:~#
 IPSEC_CONFS=/tmp/$TESTNAME export IPSEC_CONFS
east:~#
 PATH=/usr/local/sbin:$PATH
east:~#
 export PATH
east:~#
 rm -f /var/run/pluto/pluto.pid 
east:~#
 echo "Starting Openswan IPsec pluto"
Starting Openswan IPsec pluto
east:~#
 (cd /tmp && /usr/local/libexec/ipsec/pluto --nofork --secretsfile /tmp/$TESTNAME/ipsec.secrets --ipsecdir /tmp/$TESTNAME/ipsec.d --use-nostack --uniqueids --nhelpers 0 --stderrlog 2>/tmp/pluto.log ) &
[1] 9999
east:~#
 sleep 1
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 adding interface virtual127.0.0.1/lo 127.0.0.1:500
002 adding interface virtual192.9.2.23/eth2 192.9.2.23:500
002 adding interface virtual192.1.2.23/eth1 192.1.2.23:500
002 adding interface virtual192.0.2.254/eth0 192.0.2.254:500
002 loading secrets from "/tmp/tpm-accept-07/ipsec.secrets"
east:~#
 echo "Adding basic policy"
Adding basic policy
east:~#
 ipsec whack --name west--east-psk --encrypt --tunnel --pfs --dpdaction "hold" --psk --host "192.1.2.45" --nexthop "192.1.2.23" --updown "ipsec _updown" --id "192.1.2.45"  --sendcert "always" --to --host "192.1.2.23" --nexthop "192.1.2.45" --updown "ipsec _updown" --id "192.1.2.23"  --sendcert "always" --ipseclifetime "28800" --rekeymargin "540" --ikealg "3des-sha1-modp1024" --keyingtries "0"    
002 added connection description "west--east-psk"
east:~#
 ipsec whack --debug-all
east:~#
 ipsec whack --name west--east-psk --initiate
002 "west--east-psk" #1: initiating Main Mode
104 "west--east-psk" #1: STATE_MAIN_I1: initiate
003 "west--east-psk" #1: received Vendor ID payload [Openswan 
003 "west--east-psk" #1: received Vendor ID payload [Dead Peer Detection]
002 "west--east-psk" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "west--east-psk" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "west--east-psk" #1: I did not send a certificate because digital signatures are not being used. (PSK)
002 "west--east-psk" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "west--east-psk" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "west--east-psk" #1: Main mode peer ID is ID_IPV4_ADDR: '192.1.2.45'
002 "west--east-psk" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "west--east-psk" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
002 "west--east-psk" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
117 "west--east-psk" #2: STATE_QUICK_I1: initiate
031 "west--east-psk" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "west--east-psk" #2: starting keying attempt 2 of an unlimited number, but releasing whack
east:~#
 echo done
done
east:~#
 

east:~#
 ipsec setup stop
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appears to be already stopped!
ipsec_setup: doing cleanup anyway...
[1]+  Done                    ( cd /tmp && /usr/local/libexec/ipsec/pluto --nofork --secretsfile /tmp/$TESTNAME/ipsec.secrets --ipsecdir /tmp/$TESTNAME/ipsec.d --use-nostack --uniqueids --nhelpers 0 --stderrlog 2>/tmp/pluto.log )
east:~#
 kill `cat /var/run/klogd.pid`; cat /tmp/klog.log
klogd 1.3-3#33.1, log source = /proc/kmsg started.
east:~#
 halt -p -f
Power down.

