/testing/guestbin/swan-prep
road #
 cp policies/* /etc/ipsec.d/policies/
road #
 echo "192.1.2.0/24"  >> /etc/ipsec.d/policies/private-or-clear
road #
 ipsec start
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 # ensure for tests acquires expire before our failureshunt is installed
road #
 echo 30 > /proc/sys/net/core/xfrm_acq_expires
road #
 # give OE policies time to load
road #
 ../../guestbin/wait-for.sh --match 'loaded 10,' -- ipsec auto --status
000 Total IPsec connections: loaded 10, active 0
road #
 ip -s xfrm monitor > /tmp/xfrm-monitor.out &
[x] PID
road #
 echo "initdone"
initdone
road #
 ping -n -q -c 2 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time XXXX
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
road #
 sleep 10
road #
 # send a ping that still hits negotiationshunt=hold and fails
road #
 # wait on OE retransmits and rekeying
road #
 ping -n -q -c 2 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time XXXX
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
road #
 sleep 10
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
road #
 # sleep to let timers install failureshunt=pass
road #
 sleep 30
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
000 192.1.3.209/32 -0-> 192.1.2.23/32 => %pass 0    oe-failed
road #
 sleep 30
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
000 192.1.3.209/32 -0-> 192.1.2.23/32 => %pass 0    oe-failed
road #
 # ping should go out in the clear now and get a reply
road #
 ping -n -q -c 4 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time XXXX
rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
road #
 ipsec whack --trafficstatus
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
000 192.1.3.209/32 -0-> 192.1.2.23/32 => %pass 0    oe-failed
road #
 ../../guestbin/ipsec-look.sh
road NOW
XFRM state:
XFRM policy:
src 192.1.3.209/32 dst 192.1.2.23/32
	dir out priority 0 ptype main
src 192.1.2.253/32 dst 192.1.3.209/32
	dir fwd priority PRIORITY ptype main
src 192.1.2.253/32 dst 192.1.3.209/32
	dir in priority PRIORITY ptype main
src 192.1.2.254/32 dst 192.1.3.209/32
	dir fwd priority PRIORITY ptype main
src 192.1.2.254/32 dst 192.1.3.209/32
	dir in priority PRIORITY ptype main
src 192.1.3.209/32 dst 192.1.2.253/32
	dir out priority PRIORITY ptype main
src 192.1.3.209/32 dst 192.1.2.254/32
	dir out priority PRIORITY ptype main
src 192.1.3.209/32 dst 192.1.3.253/32
	dir out priority PRIORITY ptype main
src 192.1.3.209/32 dst 192.1.3.254/32
	dir out priority PRIORITY ptype main
src 192.1.3.253/32 dst 192.1.3.209/32
	dir fwd priority PRIORITY ptype main
src 192.1.3.253/32 dst 192.1.3.209/32
	dir in priority PRIORITY ptype main
src 192.1.3.254/32 dst 192.1.3.209/32
	dir fwd priority PRIORITY ptype main
src 192.1.3.254/32 dst 192.1.3.209/32
	dir in priority PRIORITY ptype main
src 192.1.3.209/32 dst 192.1.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
XFRM done
IPSEC mangle TABLES
iptables filter TABLE
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ROUTING TABLES
default via 192.1.3.254 dev eth0
192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
road #
 killall ip > /dev/null 2> /dev/null
road #
 cp /tmp/xfrm-monitor.out OUTPUT/road.xfrm-monitor.txt
road #
 echo done
done
road #
 # should not show any hits
road #
 grep "^[^|].* established Child SA" /tmp/pluto.log
road #
 
