/testing/guestbin/swan-prep
road #
 cp policies/* /etc/ipsec.d/policies/
road #
 echo "192.1.2.0/24"  >> /etc/ipsec.d/policies/private-or-clear
road #
 ipsec start
Redirecting to: systemctl start ipsec.service
road #
 /testing/pluto/bin/wait-until-pluto-started
road #
 # ensure for tests acquires expire before our failureshunt=2m
road #
 echo 30 > /proc/sys/net/core/xfrm_acq_expires
road #
 # give OE policies time to load
road #
 sleep 5
road #
 ip -s xfrm monitor > /tmp/xfrm-monitor.out &
[x] PID
road #
 echo "initdone"
initdone
road #
 # ping causes acquire
road #
 ping -n -c 1 -I 192.1.3.209 192.1.2.123
PING 192.1.2.123 (192.1.2.123) from 192.1.3.209 : 56(84) bytes of data.
--- 192.1.2.123 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time XXXX
road #
 # wait on OE retransmits and rekeying, and delete that causes shunt install
road #
 sleep 30
road #
 # should show shunt pass because NAT causes OE to fail. east left without any states
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
000 192.1.3.209/32:0 -0-> 192.1.2.123/32:0 => %pass 0    oe-failing
road #
 # send a forwarded packet to east so its reply will cause east's kernel to ACQUIRE
road #
 # this sends more than one packet so east likely already can reply in the clear
road #
 echo "PLAINTEXT" | nc -s 192.1.3.209 192.1.2.123 22
SSH-2.0-OpenSSH_XXX
Protocol mismatch.
road #
 # time for IKE from east to fail
road #
 sleep 20
road #
 # echo should work due to pass shunts on both ends
road #
 echo "PLAINTEXT" | nc -s 192.1.3.209 192.1.2.123 22
SSH-2.0-OpenSSH_XXX
Protocol mismatch.
road #
 killall ip > /dev/null 2> /dev/null
[1]+  Terminated              ip -s xfrm monitor > /tmp/xfrm-monitor.out
road #
 cp /tmp/xfrm-monitor.out OUTPUT/road.xfrm-monitor.txt
road #
 echo done
done
road #
 # No tunnels should have established but a shunt should exist
road #
 ipsec whack --trafficstatus
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
000 192.1.3.209/32:0 -0-> 192.1.2.123/32:0 => %pass 0    oe-failing
road #
road #
 if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv /tmp/core* OUTPUT/; fi
road #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

