/testing/guestbin/swan-prep --userland strongswan
east #
 ../../guestbin/strongswan-start.sh
east #
 echo "initdone"
initdone
east #
 ip xfrm policy
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir out priority 375423 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp spi 0xSPISPI reqid REQID mode tunnel
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp spi 0xSPISPI reqid REQID mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir fwd priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid REQID mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir in priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid REQID mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir fwd priority 175423 ptype main 
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir in priority 175423 ptype main 
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir out priority 175423 ptype main 
src 192.0.2.0/24 dst 192.0.2.0/24 
	dir fwd priority 175423 ptype main 
src 192.0.2.0/24 dst 192.0.2.0/24 
	dir in priority 175423 ptype main 
src 192.0.2.0/24 dst 192.0.2.0/24 
	dir out priority 175423 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
east #
 ip xfrm state
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 0 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.23 dst 192.1.2.45
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.23 dst 192.1.2.45
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.45 dst 192.1.2.23
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
east #
 if [ -f /var/run/pluto/pluto.pid ]; then ../../guestbin/ipsec-look.sh ; fi
east #
 if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan statusall ; fi
Status of IKE charon daemon (strongSwan VERSION):
  uptime: XXX second, since YYY
  malloc sbrk XXXXXX,mmap X, used XXXXXX, free XXXXX
Listening IP addresses:
  192.0.2.254
  192.1.2.23
Connections:
westnet-eastnet-ikev2:  192.1.2.23...192.1.2.45  IKEv2
westnet-eastnet-ikev2:   local:  [east] uses pre-shared key authentication
westnet-eastnet-ikev2:   remote: [west] uses pre-shared key authentication
westnet-eastnet-ikev2:   child:  192.0.2.0/24 === 192.0.1.0/24 TUNNEL
Shunted Connections:
Bypass LAN 192.0.2.0/24:  192.0.2.0/24 === 192.0.2.0/24 PASS
Bypass LAN 192.1.2.0/24:  192.1.2.0/24 === 192.1.2.0/24 PASS
Security Associations (1 up, 0 connecting):
westnet-eastnet-ikev2[1]: ESTABLISHED XXX second ago, 192.1.2.23[east]...192.1.2.45[west]
westnet-eastnet-ikev2[1]: IKEv2 SPIs: SPISPI_i SPISPI_r*, pre-shared key reauthentication in 2 hours
westnet-eastnet-ikev2[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
westnet-eastnet-ikev2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
westnet-eastnet-ikev2{1}:  AES_CBC_128/HMAC_SHA2_512_256, XXX bytes_i (XX pkts, XXs ago), XXX bytes_o (XX pkts, XXs ago), rekeying in XX minutes
westnet-eastnet-ikev2{1}:   192.0.2.0/24 === 192.0.1.0/24
east #
 
