/testing/guestbin/swan-prep --userland strongswan
west #
 ../../pluto/bin/strongswan-start.sh
west #
 echo "initdone"
initdone
west #
 strongswan up westnet-eastnet-ikev2
initiating IKE_SA westnet-eastnet-ikev2[1] to 192.1.2.23
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.1.2.45[500] to 192.1.2.23[500] (XXX bytes)
received packet: from 192.1.2.23[500] to 192.1.2.45[500] (XXX bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
authentication of 'west' (myself) with pre-shared key
establishing CHILD_SA westnet-eastnet-ikev2{1}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(IPCOMP_SUP) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from 192.1.2.45[4500] to 192.1.2.23[4500] (XXX bytes)
received packet: from 192.1.2.23[4500] to 192.1.2.45[4500] (XXX bytes)
parsed IKE_AUTH response 1 [ IDr AUTH N(IPCOMP_SUP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ]
authentication of 'east' with pre-shared key successful
IKE_SA westnet-eastnet-ikev2[1] established between 192.1.2.45[west]...192.1.2.23[east]
scheduling reauthentication in XXXs
maximum IKE_SA lifetime XXXs
selected proposal: ESP:AES_CBC_128/HMAC_SHA2_512_256/NO_EXT_SEQ
CHILD_SA westnet-eastnet-ikev2{1} established with SPIs SPISPI_i SPISPI_o and TS 192.0.1.0/24 === 192.0.2.0/24
connection 'westnet-eastnet-ikev2' established successfully
west #
 ping -n -c 4 -I 192.0.1.254 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.XXX ms
64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.XXX ms
64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.XXX ms
64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.XXX ms
--- 192.0.2.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time XXXX
rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
west #
 echo done
done
west #
 ip xfrm policy
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir out priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp spi 0xSPISPI reqid REQID mode tunnel
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp spi 0xSPISPI reqid REQID mode transport
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir fwd priority 375423 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp reqid REQID mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir in priority 375423 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp reqid REQID mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir fwd priority 175423 ptype main 
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir in priority 175423 ptype main 
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir out priority 175423 ptype main 
src 192.0.1.0/24 dst 192.0.1.0/24 
	dir fwd priority 175423 ptype main 
src 192.0.1.0/24 dst 192.0.1.0/24 
	dir in priority 175423 ptype main 
src 192.0.1.0/24 dst 192.0.1.0/24 
	dir out priority 175423 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
west #
 ip xfrm state
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 0 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.45 dst 192.1.2.23
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.23 dst 192.1.2.45
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.23 dst 192.1.2.45
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
west #
 if [ -f /var/run/pluto/pluto.pid ]; then ../../pluto/bin/ipsec-look.sh ; fi
west #
 if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan statusall ; fi
Status of IKE charon daemon (strongSwan VERSION):
  uptime: XXX second, since YYY
  malloc sbrk XXXXXX,mmap X, used XXXXXX, free XXXXX
Listening IP addresses:
  192.0.1.254
  192.1.2.45
Connections:
westnet-eastnet-ikev2:  192.1.2.45...192.1.2.23  IKEv2
westnet-eastnet-ikev2:   local:  [west] uses pre-shared key authentication
westnet-eastnet-ikev2:   remote: [east] uses pre-shared key authentication
westnet-eastnet-ikev2:   child:  192.0.1.0/24 === 192.0.2.0/24 TUNNEL
Shunted Connections:
Bypass LAN 192.0.1.0/24:  192.0.1.0/24 === 192.0.1.0/24 PASS
Bypass LAN 192.1.2.0/24:  192.1.2.0/24 === 192.1.2.0/24 PASS
Security Associations (1 up, 0 connecting):
westnet-eastnet-ikev2[1]: ESTABLISHED XXX second ago, 192.1.2.45[west]...192.1.2.23[east]
westnet-eastnet-ikev2[1]: IKEv2 SPIs: SPISPI_i* SPISPI_r, pre-shared key reauthentication in 2 hours
westnet-eastnet-ikev2[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
westnet-eastnet-ikev2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
westnet-eastnet-ikev2{1}:  AES_CBC_128/HMAC_SHA2_512_256, XXX bytes_i (XX pkts, XXs ago), XXX bytes_o (XX pkts, XXs ago), rekeying in XX minutes
westnet-eastnet-ikev2{1}:   192.0.1.0/24 === 192.0.2.0/24
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

