/testing/guestbin/swan-prep
west #
 grep right.libreswan.org /etc/hosts > /dev/null && echo "TEST FAILED - should not have /etc/hosts entry at start"
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec whack --impair suppress-retransmits
west #
 ipsec auto --add named
000 "named": failed to convert 'right.libreswan.org' at load time: not a numeric IPv4 address and name lookup failed (no validation performed)
002 "named": added IKEv2 connection
west #
 ipsec status | grep "===" # should show %dns for pending resolve
000 "named": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]---192.1.2.23...%dns<right.libreswan.org>[@east]===192.0.2.0/24; unrouted; eroute owner: #0
west #
 echo "initdone"
initdone
west #
 sleep 5
west #
 echo "192.1.2.23 right.libreswan.org" >> /etc/hosts
west #
 # trigger DDNS event (saves us from waiting)
west #
 ipsec whack --ddns
002 updating pending dns lookups
west #
 # there should be no states
west #
 ipsec status |grep STATE_
west #
 ipsec status | grep "===" # should no longer show %dns as resolving completed
000 "named": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<right.libreswan.org>[@east]===192.0.2.0/24; unrouted; eroute owner: #0
west #
 # confirm it all resolved by bringing the conn up manually
west #
 ipsec auto --up named
1v2 "named" #1: initiating IKEv2 connection
1v2 "named" #1: sent IKE_SA_INIT request
1v2 "named" #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
003 "named" #1: established IKE SA; authenticated using authby=secret and peer ID_FQDN '@east'
004 "named" #2: established Child SA; IPsec tunnel [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] {ESP=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive}
west #
 echo done
done
west #
 
