east:~#
 TESTNAME=tpm-accept-03
east:~#
 TESTING=${TESTING-/testing}
east:~#
 mkdir -p /tmp/$TESTNAME
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/cacerts
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/crls
east:~#
 mkdir -p /tmp/$TESTNAME/ipsec.d/certs
east:~#
 mkdir -p /tmp/UML.d/private
east:~#
 cp /etc/ipsec.secrets                    /tmp/$TESTNAME
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.secrets ]; then cat ${TESTING}/pluto/$TESTNAME/east.secrets >>/tmp/$TESTNAME/ipsec.secrets; fi
east:~#
 if [ -f ${TESTING}/pluto/$TESTNAME/east.tpm.tcl ]; then cp ${TESTING}/pluto/$TESTNAME/east.tpm.tcl /tmp/$TESTNAME/ipsec.d/tpm.tcl; fi
east:~#
 IPSEC_CONFS=/tmp/$TESTNAME export IPSEC_CONFS
east:~#
 PATH=/usr/local/sbin:$PATH
east:~#
 export PATH
east:~#
 rm -f /var/run/pluto/pluto.pid 
east:~#
 echo "Starting Openswan IPsec pluto"
Starting Openswan IPsec pluto
east:~#
 (cd /tmp && /usr/local/libexec/ipsec/pluto --nofork --secretsfile /tmp/$TESTNAME/ipsec.secrets --ipsecdir /tmp/$TESTNAME/ipsec.d --use-nostack --uniqueids --nhelpers 0 --stderrlog 2>/tmp/pluto.log ) &
[1] 9999
east:~#
 sleep 1
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 adding interface virtual127.0.0.1/lo 127.0.0.1:500
002 adding interface virtual192.9.2.23/eth2 192.9.2.23:500
002 adding interface virtual192.1.2.23/eth1 192.1.2.23:500
002 adding interface virtual192.0.2.254/eth0 192.0.2.254:500
002 loading secrets from "/tmp/tpm-accept-03/ipsec.secrets"
east:~#
 echo "Adding basic policy"
Adding basic policy
east:~#
 ipsec whack --name west--east-psk --encrypt --tunnel --pfs --dpdaction "hold" --psk --host "192.1.2.45" --nexthop "192.1.2.23" --updown "ipsec _updown" --id "192.1.2.45"  --sendcert "always" --to --host "192.1.2.23" --nexthop "192.1.2.45" --updown "ipsec _updown" --id "192.1.2.23"  --sendcert "always" --ipseclifetime "28800" --rekeymargin "540" --ikealg "3des-sha1-modp1024" --impair-die-oninfo --keyingtries "0"    
002 added connection description "west--east-psk"
east:~#
 ipsec whack --tpmeval 'set test_stage "t03a"'
sending tpmeval: 'set test_stage "t03a"'
002 TPM evaluating 'set test_stage "t03a"' 
east:~#
 echo "Wait for west to initiate"
Wait for west to initiate
east:~#
 echo "Stage 03b"
Stage 03b
east:~#
 ipsec whack --tpmeval 'set test_stage "t03b"'
sending tpmeval: 'set test_stage "t03b"'
002 TPM evaluating 'set test_stage "t03b"' 
east:~#
 echo "Wait for west to initiate"
Wait for west to initiate
east:~#
 echo "Stage 03c"
Stage 03c
east:~#
 ipsec whack --tpmeval 'set test_stage "t03c"'
sending tpmeval: 'set test_stage "t03c"'
002 TPM evaluating 'set test_stage "t03c"' 
east:~#
 echo "Wait for west to initiate"
Wait for west to initiate
east:~#
 echo "Stage 03d"
Stage 03d
east:~#
 ipsec whack --tpmeval 'set test_stage "t03d"'
sending tpmeval: 'set test_stage "t03d"'
002 TPM evaluating 'set test_stage "t03d"' 
east:~#
 echo "Wait for west to initiate"
Wait for west to initiate
east:~#
 

east:~#
east:~#
 cat /tmp/pluto.log
Starting Pluto (Openswan Version 2.5.0cl8 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEQAUNTmsT]Y)
WARNING: 1DES is enabled
Setting NAT-Traversal port-4500 floating to off
   port floating activation criteria nat_t=0/port_float=1
   including NAT-Traversal patch (Version 0.6c) [disabled]
WARNING: open of /dev/hw_random failed: No such file or directory
using /dev/random as source of random entropy
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
no helpers will be started, all cryptographic operations will be done inline
Loading TPM file: '/tmp/tpm-accept-03/ipsec.d/tpm.tcl' 
TPM enabled 
Changing to directory '/tmp/tpm-accept-03/ipsec.d/cacerts'
Could not change to directory '/tmp/tpm-accept-03/ipsec.d/aacerts'
Could not change to directory '/tmp/tpm-accept-03/ipsec.d/ocspcerts'
Changing to directory '/tmp/tpm-accept-03/ipsec.d/crls'
  Warning: empty directory
listening for IKE messages
adding interface virtual127.0.0.1/lo 127.0.0.1:500
adding interface virtual192.9.2.23/eth2 192.9.2.23:500
adding interface virtual192.1.2.23/eth1 192.1.2.23:500
adding interface virtual192.0.2.254/eth0 192.0.2.254:500
loading secrets from "/tmp/tpm-accept-03/ipsec.secrets"
  loaded private key file '/etc/ipsec.d/private/east.pem' (963 bytes)
added connection description "west--east-psk"
TPM evaluating 'set test_stage "t03a"' 
tcl says packet from: 192.1.2.23
recvMessage NULL NULL _POINTER_p_msg_digest
packet from 192.1.2.45:500: received Vendor ID payload [Openswan (this version) 2.5.0cl8  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
packet from 192.1.2.45:500: received Vendor ID payload [Dead Peer Detection]
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #1: responding to Main Mode
"west--east-psk" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"west--east-psk" #1: STATE_MAIN_R1: sent MR1, expecting MI2
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03a state: 5 MR1: 5 MQ0: 16
Pausing for 60 seconds in phase 1
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"west--east-psk" #1: STATE_MAIN_R2: sent MR2, expecting MI3
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #1: discarding duplicate packet; already STATE_MAIN_R2
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #1: discarding duplicate packet; already STATE_MAIN_R2
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03a state: 7 MR1: 5 MQ0: 16
"west--east-psk" #1: Main mode peer ID is ID_IPV4_ADDR: '192.1.2.45'
"west--east-psk" #1: I did not send a certificate because digital signatures are not being used. (PSK)
"west--east-psk" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"west--east-psk" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03a state: 16 MR1: 5 MQ0: 16
"west--east-psk" #2: extra debugging enabled for connection: none
"west--east-psk" #2: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #2: responding to Quick Mode 
"west--east-psk" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"west--east-psk" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
tcl says packet from: 192.1.2.23
"west--east-psk" #2: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03a state: 18 MR1: 5 MQ0: 16
"west--east-psk" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"west--east-psk" #2: STATE_QUICK_R2: IPsec SA established
TPM evaluating 'set test_stage "t03b"' 
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03b state: 22 MR1: 5 MQ0: 16
"west--east-psk" #1: extra debugging enabled for connection: none
"west--east-psk" #1: received Delete SA(0xSPI1SPI1) payload: deleting IPSEC State #NUM
"west--east-psk" #2: extra debugging enabled for connection: none
"west--east-psk" #1: received and ignored informational message
tcl says packet from: 192.1.2.23
"west--east-psk" #1: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03b state: 22 MR1: 5 MQ0: 16
"west--east-psk" #1: extra debugging enabled for connection: none
"west--east-psk" #1: received Delete SA payload: deleting ISAKMP State #1
"west--east-psk" #1: extra debugging enabled for connection: none
packet from 192.1.2.45:500: received and ignored informational message
tcl says packet from: 192.1.2.23
recvMessage NULL NULL _POINTER_p_msg_digest
packet from 192.1.2.45:500: received Vendor ID payload [Openswan (this version) 2.5.0cl8  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
packet from 192.1.2.45:500: received Vendor ID payload [Dead Peer Detection]
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #3: responding to Main Mode
"west--east-psk" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"west--east-psk" #3: STATE_MAIN_R1: sent MR1, expecting MI2
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03b state: 5 MR1: 5 MQ0: 16
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"west--east-psk" #3: STATE_MAIN_R2: sent MR2, expecting MI3
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03b state: 7 MR1: 5 MQ0: 16
"west--east-psk" #3: Main mode peer ID is ID_IPV4_ADDR: '192.1.2.45'
"west--east-psk" #3: I did not send a certificate because digital signatures are not being used. (PSK)
"west--east-psk" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"west--east-psk" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03b state: 16 MR1: 5 MQ0: 16
"west--east-psk" #4: extra debugging enabled for connection: none
"west--east-psk" #4: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #4: responding to Quick Mode 
"west--east-psk" #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"west--east-psk" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
tcl says packet from: 192.1.2.23
"west--east-psk" #4: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03b state: 18 MR1: 5 MQ0: 16
"west--east-psk" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"west--east-psk" #4: STATE_QUICK_R2: IPsec SA established
TPM evaluating 'set test_stage "t03c"' 
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03c state: 16 MR1: 5 MQ0: 16
Pausing for 60 seconds in phase 2
"west--east-psk" #5: extra debugging enabled for connection: none
"west--east-psk" #5: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #5: responding to Quick Mode 
"west--east-psk" #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"west--east-psk" #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
tcl says packet from: 192.1.2.23
"west--east-psk" #5: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #5: discarding duplicate packet; already STATE_QUICK_R1
tcl says packet from: 192.1.2.23
"west--east-psk" #5: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #5: discarding duplicate packet; already STATE_QUICK_R1
tcl says packet from: 192.1.2.23
"west--east-psk" #5: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03c state: 18 MR1: 5 MQ0: 16
"west--east-psk" #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"west--east-psk" #5: STATE_QUICK_R2: IPsec SA established
TPM evaluating 'set test_stage "t03d"' 
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03d state: 16 MR1: 5 MQ0: 16
"west--east-psk" #6: extra debugging enabled for connection: none
"west--east-psk" #6: extra debugging enabled for connection: impair-die-oninfo
"west--east-psk" #6: responding to Quick Mode 
"west--east-psk" #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
"west--east-psk" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
tcl says packet from: 192.1.2.23
"west--east-psk" #6: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03d state: 18 MR1: 5 MQ0: 16
"west--east-psk" #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
"west--east-psk" #6: STATE_QUICK_R2: IPsec SA established
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03d state: 22 MR1: 5 MQ0: 16
"west--east-psk" #3: extra debugging enabled for connection: none
"west--east-psk" #3: received Delete SA(0xSPI1SPI1) payload: deleting IPSEC State #NUM
"west--east-psk" #6: extra debugging enabled for connection: none
"west--east-psk" #3: received and ignored informational message
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03d state: 22 MR1: 5 MQ0: 16
"west--east-psk" #3: extra debugging enabled for connection: none
"west--east-psk" #3: received Delete SA(0xSPI1SPI1) payload: deleting IPSEC State #NUM
"west--east-psk" #5: extra debugging enabled for connection: none
"west--east-psk" #3: received and ignored informational message
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03d state: 22 MR1: 5 MQ0: 16
"west--east-psk" #3: extra debugging enabled for connection: none
"west--east-psk" #3: received Delete SA(0xSPI1SPI1) payload: deleting IPSEC State #NUM
"west--east-psk" #4: extra debugging enabled for connection: none
"west--east-psk" #3: received and ignored informational message
tcl says packet from: 192.1.2.23
"west--east-psk" #3: extra debugging enabled for connection: impair-die-oninfo
recvMessage _POINTER_p_state _POINTER_p_connection _POINTER_p_msg_digest
stage: t03d state: 22 MR1: 5 MQ0: 16
"west--east-psk" #3: extra debugging enabled for connection: none
"west--east-psk" #3: received Delete SA payload: deleting ISAKMP State #3
"west--east-psk" #3: extra debugging enabled for connection: none
packet from 192.1.2.45:500: received and ignored informational message
east:~#
 if [ -f /tmp/core ]; then echo CORE FOUND; mv /tmp/core /var/tmp; fi
east:~#

