/testing/guestbin/swan-prep
west #
 # confirm that the network is alive
west #
 ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec whack --impair suppress-retransmits
west #
 ipsec auto --add westnet-eastnet-camellia
002 "westnet-eastnet-camellia": added IKEv1 connection
west #
 echo "initdone"
initdone
west #
 ipsec auto --up westnet-eastnet-camellia
002 "westnet-eastnet-camellia" #1: initiating IKEv1 Main Mode connection
1v1 "westnet-eastnet-camellia" #1: sent Main Mode request
1v1 "westnet-eastnet-camellia" #1: sent Main Mode I2
1v1 "westnet-eastnet-camellia" #1: sent Main Mode I3
002 "westnet-eastnet-camellia" #1: Peer ID is ID_FQDN: '@east'
003 "westnet-eastnet-camellia" #1: authenticated using RSA with SHA-1
004 "westnet-eastnet-camellia" #1: IKE SA established {auth=RSA_SIG cipher=CAMELLIA_CBC_256 integ=HMAC_SHA1 group=MODP2048}
002 "westnet-eastnet-camellia" #2: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO
1v1 "westnet-eastnet-camellia" #2: sent Quick Mode request
004 "westnet-eastnet-camellia" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=CAMELLIA_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
west #
 ../../pluto/bin/ping-once.sh --up -I 192.0.1.254 192.0.2.254
up
west #
 echo done
done
west #
 ../../pluto/bin/ipsec-look.sh
west NOW
XFRM state:
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(camellia) 0xENCKEY
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(camellia) 0xENCKEY
XFRM policy:
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority 2084814 ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir fwd priority 2084814 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir in priority 2084814 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
west #