/testing/guestbin/swan-prep
east #
 ip addr show dev eth0 | grep 192.0.200.254 || ip addr add 192.0.200.254/24 dev eth0:1
east #
 ip addr show dev eth0 | grep 192.0.201.254 || ip addr add 192.0.201.254/24 dev eth0:1
east #
 ip route show scope global | grep 192.0.100.0 || ip route add 192.0.100.0/24 via 192.1.2.45  dev eth1
east #
 ip route show scope global | grep 192.0.101.0 || ip route add 192.0.101.0/24 via 192.1.2.45  dev eth1
east #
 ipsec start
Redirecting to: systemctl start ipsec.service
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-ikev2a
002 added connection description "westnet-eastnet-ikev2a"
east #
 ipsec auto --add westnet-eastnet-ikev2b
002 added connection description "westnet-eastnet-ikev2b"
east #
 ipsec auto --add westnet-eastnet-ikev2c
002 added connection description "westnet-eastnet-ikev2c"
east #
 echo "initdone"
initdone
east #
 ipsec whack --trafficstatus
006 #12: "westnet-eastnet-ikev2a", type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='@west'
006 #13: "westnet-eastnet-ikev2b", type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='@west'
006 #10: "westnet-eastnet-ikev2c", type=ESP, add_time=1234567890, inBytes=252, outBytes=252, id='@west'
006 #14: "westnet-eastnet-ikev2c", type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@west'
east #
 ipsec status |grep STATE_ | sort
000 #11: "westnet-eastnet-ikev2c":500 STATE_PARENT_R2 (received v2I2, PARENT SA established); EVENT_SA_REPLACE in  XXs; newest ISAKMP; idle; import:respond to stranger
000 #12: "westnet-eastnet-ikev2a":500 STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REPLACE in  XXs; newest IPSEC; eroute owner; isakmp#11; idle; import:respond to stranger
000 #13: "westnet-eastnet-ikev2b":500 STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REPLACE in  XXs; newest IPSEC; eroute owner; isakmp#11; idle; import:respond to stranger
000 #14: "westnet-eastnet-ikev2c":500 STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REPLACE in  XXs; newest IPSEC; eroute owner; isakmp#11; idle; import:respond to stranger
east #
 # there should be only one IKE_INIT exchange
east #
 grep "STATE_PARENT_I1 with STF_OK" /tmp/pluto.log
east #
 grep "STATE_PARENT_R1 with STF_OK" /tmp/pluto.log
| #1 complete v2 state transition from STATE_PARENT_R1 with STF_OK
east #
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

