/testing/guestbin/swan-prep
east #
 ipsec setup start
Redirecting to: systemctl start ipsec.service
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-compress
002 added connection description "westnet-eastnet-compress"
east #
 ipsec auto --status | grep westnet-eastnet-compress
000 "westnet-eastnet-compress": 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24; unrouted; eroute owner: #0
000 "westnet-eastnet-compress":     oriented; my_ip=unset; their_ip=unset
000 "westnet-eastnet-compress":   xauth info: us:none, them:none,  my_xauthuser=[any]; their_xauthuser=[any]
000 "westnet-eastnet-compress":   modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "westnet-eastnet-compress":   labeled_ipsec:no;
000 "westnet-eastnet-compress":   policy_label:unset;
000 "westnet-eastnet-compress":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "westnet-eastnet-compress":   retransmit-interval: 9999ms; retransmit-timeout: 99s;
000 "westnet-eastnet-compress":   sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "westnet-eastnet-compress":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "westnet-eastnet-compress":   conn_prio: 24,24; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "westnet-eastnet-compress":   dpd: action:hold; delay:0; timeout:0; nat-t: force_encaps:no; nat_keepalive:yes; ikev1_natt:both
000 "westnet-eastnet-compress":   newest ISAKMP SA: #0; newest IPsec SA: #0;
east #
 echo "initdone"
initdone
east #
 ipsec look
east NOW
XFRM state:
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPIXX reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto comp spi 0xSPISPIXX reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	comp deflate 
src 192.1.2.45 dst 192.1.2.23
	proto 4 spi 0xSPISPIXX reqid REQID mode tunnel
	replay-window 0 flag af-unspec
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPIXX reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.23 dst 192.1.2.45
	proto comp spi 0xSPISPIXX reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	comp deflate 
src 192.1.2.23 dst 192.1.2.45
	proto 4 spi 0xSPISPIXX reqid REQID mode tunnel
	replay-window 0 flag af-unspec
XFRM policy:
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir out priority 2344 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp reqid REQID mode tunnel
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir fwd priority 2344 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid REQID mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir in priority 2344 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid REQID mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1 
192.0.1.0/24 via 192.1.2.45 dev eth1 
192.0.2.0/24 dev eth0  proto kernel  scope link  src 192.0.2.254 
192.1.2.0/24 dev eth1  proto kernel  scope link  src 192.1.2.23 
192.9.2.0/24 dev eth2  proto kernel  scope link  src 192.9.2.23 
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east #
east #
 if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv /tmp/core* OUTPUT/; fi
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

