/testing/guestbin/swan-prep --userland strongswan
road #
 # delete the address 33.222 before re-run. otherwise strongswan may choose 33.222
road #
 ip addr show dev eth0 | grep 192.1.33.222 && ip addr del 192.1.33.222/24 dev eth0
road #
 # add .209 incase re-run
road #
 ip addr show dev eth0 | grep 192.1.3.209 || ip addr add 192.1.3.209/24 dev eth0
    inet 192.1.3.209/24 scope global eth0
road #
 ip addr add 192.1.33.222/24 dev eth0
road #
 # add default gw, it could have been deleted due address changes
road #
 ip route | grep default || ip route add default via 192.1.3.254
default via 192.1.3.254 dev eth0
road #
 ../../guestbin/strongswan-start.sh
road #
 echo "initdone"
initdone
road #
 strongswan up road-east
initiating IKE_SA road-east[1] to 192.1.2.23
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.1.3.209[500] to 192.1.2.23[500] (XXX bytes)
received packet: from 192.1.2.23[500] to 192.1.3.209[500] (XXX bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) ]
selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
local host is behind NAT, sending keep alives
no IDi configured, fall back on IP address
authentication of '192.1.3.209' (myself) with pre-shared key
establishing CHILD_SA road-east{1}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from 192.1.3.209[4500] to 192.1.2.23[4500] (XXX bytes)
received packet: from 192.1.2.23[4500] to 192.1.3.209[4500] (XXX bytes)
parsed IKE_AUTH response 1 [ N(MOBIKE_SUP) IDr AUTH CPRP(ADDR) SA TSi TSr ]
authentication of 'east' with pre-shared key successful
IKE_SA road-east[1] established between 192.1.3.209[192.1.3.209]...192.1.2.23[east]
scheduling reauthentication in XXXs
maximum IKE_SA lifetime XXXs
installing new virtual IP 192.0.3.10
selected proposal: ESP:AES_CBC_256/HMAC_SHA2_512_256/NO_EXT_SEQ
CHILD_SA road-east{1} established with SPIs SPISPI_i SPISPI_o and TS 192.0.3.10/32 === 192.0.2.0/24
connection 'road-east' established successfully
road #
 ping -n -q -W 1 -c 2 -I 192.0.3.10 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.3.10 : 56(84) bytes of data.
--- 192.0.2.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time XXXX
rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
road #
 strongswan status
Shunted Connections:
Bypass LAN 192.1.3.0/24:  192.1.3.0/24 === 192.1.3.0/24 PASS
Bypass LAN 192.1.33.0/24:  192.1.33.0/24 === 192.1.33.0/24 PASS
Security Associations (1 up, 0 connecting):
   road-east[1]: ESTABLISHED XXX second ago, 192.1.3.209[192.1.3.209]...192.1.2.23[east]
   road-east{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: SPISPI_i SPISPI_o
   road-east{1}:   192.0.3.10/32 === 192.0.2.0/24
road #
 # note this end should be 192.1.3.209
road #
 ip xfrm state
src 192.1.3.209 dst 192.1.2.23
	encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src 192.1.2.23 dst 192.1.3.209
	encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
road #
 ip xfrm policy
src 192.0.3.10/32 dst 192.0.2.0/24 
	dir out priority 371327 ptype main 
	tmpl src 192.1.3.209 dst 192.1.2.23
src 192.0.2.0/24 dst 192.0.3.10/32 
	dir fwd priority 371327 ptype main 
	tmpl src 192.1.2.23 dst 192.1.3.209
src 192.0.2.0/24 dst 192.0.3.10/32 
	dir in priority 371327 ptype main 
	tmpl src 192.1.2.23 dst 192.1.3.209
src 192.1.33.0/24 dst 192.1.33.0/24 
	dir fwd priority 175423 ptype main 
src 192.1.33.0/24 dst 192.1.33.0/24 
	dir in priority 175423 ptype main 
src 192.1.33.0/24 dst 192.1.33.0/24 
	dir out priority 175423 ptype main 
src 192.1.3.0/24 dst 192.1.3.0/24 
	dir fwd priority 175423 ptype main 
src 192.1.3.0/24 dst 192.1.3.0/24 
	dir in priority 175423 ptype main 
src 192.1.3.0/24 dst 192.1.3.0/24 
	dir out priority 175423 ptype main 
road #
 sleep 5
road #
 # remove this end ip next one will take over
road #
 ip route show scope global | grep 192.1.3.254 && ip route del default via 192.1.3.254
default via 192.1.3.254 dev eth0
road #
 ip route show scope global | grep 192.1.33.254 || ip route add default via 192.1.33.254
road #
 ip addr del 192.1.3.209/24 dev eth0
road #
 # let strongswan do a MOBIKE update
road #
 sleep 10
road #
 # both ends updated MOBIKE ping should work
road #
 # note this end should be 192.1.33.222
road #
 strongswan status
Shunted Connections:
Bypass LAN 192.1.33.0/24:  192.1.33.0/24 === 192.1.33.0/24 PASS
Security Associations (1 up, 0 connecting):
   road-east[1]: ESTABLISHED XXX second ago, 192.1.33.222[192.1.3.209]...192.1.2.23[east]
   road-east{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: SPISPI_i SPISPI_o
   road-east{1}:   192.0.3.10/32 === 192.0.2.0/24
road #
 ip xfrm state
src 192.1.33.222 dst 192.1.2.23
	encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src 192.1.2.23 dst 192.1.33.222
	encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
road #
 ip xfrm policy
src 192.0.3.10/32 dst 192.0.2.0/24 
	dir out priority 371327 ptype main 
	tmpl src 192.1.33.222 dst 192.1.2.23
src 192.0.2.0/24 dst 192.0.3.10/32 
	dir fwd priority 371327 ptype main 
	tmpl src 192.1.2.23 dst 192.1.33.222
src 192.0.2.0/24 dst 192.0.3.10/32 
	dir in priority 371327 ptype main 
	tmpl src 192.1.2.23 dst 192.1.33.222
src 192.1.33.0/24 dst 192.1.33.0/24 
	dir fwd priority 175423 ptype main 
src 192.1.33.0/24 dst 192.1.33.0/24 
	dir in priority 175423 ptype main 
src 192.1.33.0/24 dst 192.1.33.0/24 
	dir out priority 175423 ptype main 
road #
 ping -n -q -W 1 -c 2 -I 192.0.3.10 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.3.10 : 56(84) bytes of data.
--- 192.0.2.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time XXXX
rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
road #
 grep "requesting address change using MOBIKE" /tmp/charon.log | sed "s/^.*road/road/"
road-east|1> requesting address change using MOBIKE
road #
 echo done
done
road #
 if [ -f /var/run/pluto/pluto.pid ]; then ../../guestbin/ipsec-look.sh ; fi
road #
 if [ -f /var/run/pluto/pluto.pid ]; then ipsec whack --trafficstatus ; fi
road #
 if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan status ; fi
Shunted Connections:
Bypass LAN 192.1.33.0/24:  192.1.33.0/24 === 192.1.33.0/24 PASS
Security Associations (1 up, 0 connecting):
   road-east[1]: ESTABLISHED XXX second ago, 192.1.33.222[192.1.3.209]...192.1.2.23[east]
   road-east{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: SPISPI_i SPISPI_o
   road-east{1}:   192.0.3.10/32 === 192.0.2.0/24
road #
 
