/testing/guestbin/swan-prep
east #
 cp policies/* /etc/ipsec.d/policies/
east #
 echo "192.1.3.0/24"  >> /etc/ipsec.d/policies/private-or-clear
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add authenticated
002 "authenticated": added IKEv2 connection
east #
 # give OE policies time to load
east #
 ../../guestbin/wait-for.sh --match 'loaded 11,' -- ipsec auto --status
000 Total IPsec connections: loaded 11, active 0
east #
 echo "initdone"
initdone
east #
 # only east should show 1 tunnel
east #
 ipsec whack --trafficstatus
006 #2: "authenticated"[1] 192.1.3.209, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, id='@road'
east #
 # east shows the authnull is matched on preferred non-null connection,
east #
 # then cannot find a (non-authnull) match and rejects it. So an
east #
 # additional 'authenticated' partial state lingers
east #
 ipsec status | grep STATE_
000 #1: "authenticated"[1] 192.1.3.209:500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); REKEY in XXs; newest ISAKMP; idle;
000 #2: "authenticated"[1] 192.1.3.209:500 STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); REKEY in XXs; newest IPSEC; eroute owner; isakmp#1; idle;
east #
 
