/testing/guestbin/swan-prep --userland strongswan
east #
 ../../pluto/bin/strongswan-start.sh
east #
 echo "initdone"
initdone
east #
 ip xfrm pol
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir out priority 375423 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp spi 0xSPISPI reqid 1 mode tunnel
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp spi 0xSPISPI reqid 1 mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir fwd priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid 1 mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 1 mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir in priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid 1 mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 1 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
east #
 ip xfrm state
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 0 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.23 dst 192.1.2.45
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.23 dst 192.1.2.45
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.45 dst 192.1.2.23
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
east #
 if [ -f /var/run/pluto/pluto.pid ]; then ../../pluto/bin/ipsec-look.sh ; fi
east #
 if [ -f /var/run/charon.pid ]; then strongswan statusall ; fi
Status of IKE charon daemon (strongSwan VERSION):
  uptime: XXX second, since YYY
  malloc sbrk XXXXXX,mmap X, used XXXXXX, free XXXXX
Listening IP addresses:
  192.0.2.254
  192.1.2.23
  192.9.2.23
Connections:
westnet-eastnet-ikev2:  192.1.2.23...192.1.2.45  IKEv2
westnet-eastnet-ikev2:   local:  [east] uses pre-shared key authentication
westnet-eastnet-ikev2:   remote: [west] uses pre-shared key authentication
westnet-eastnet-ikev2:   child:  192.0.2.0/24 === 192.0.1.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
westnet-eastnet-ikev2[1]: ESTABLISHED XXX second ago, 192.1.2.23[east]...192.1.2.45[west]
westnet-eastnet-ikev2[1]: IKEv2 SPIs: SPISPI_i SPISPI_r*, pre-shared key reauthentication in 2 hours
westnet-eastnet-ikev2[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
westnet-eastnet-ikev2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
westnet-eastnet-ikev2{1}:  AES_CBC_128/HMAC_SHA2_512_256, XXX bytes_i (XX pkts, XXs ago), XXX bytes_o (XX pkts, XXs ago), rekeying in XX minutes
westnet-eastnet-ikev2{1}:   192.0.2.0/24 === 192.0.1.0/24
east #
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

