>>>>>>>>>>cut>>>>>>>>>> roadinit.sh <<<<<<<<<<tuc<<<<<<<<<</testing/guestbin/swan-prep
[root@road ikev2-xfrmi-02]# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
[root@road ikev2-xfrmi-02]# ipsec start
Redirecting to: systemctl start ipsec.service
[   21.146799] AVX or AES-NI instructions are not detected.
[   21.149820] AVX or AES-NI instructions are not detected.
[   21.340640] IPv4 over IPsec tunneling driver
[   21.348972] IPsec XFRM device driver
[root@road ikev2-xfrmi-02]# ../../guestbin/wait-until-pluto-started
==== cut ====
000   PID  Process
addconn exited
==== tuc ====
[root@road ikev2-xfrmi-02]# ipsec whack --impair suppress-retransmits
[root@road ikev2-xfrmi-02]# ipsec auto --add road
002 "road": added IKEv2 connection
[root@road ikev2-xfrmi-02]# echo "initdone"
initdone
[root@road ikev2-xfrmi-02]# >>>>>>>>>>cut>>>>>>>>>> roadrun.sh <<<<<<<<<<tuc<<<<<<<<<<ipsec auto --up road
181 "road" #1: initiating IKEv2 connection
181 "road" #1: sent IKE_SA_INIT request
182 "road" #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
003 "road" #1: established IKE SA; authenticated using authby=secret and peer ID_FQDN '@east'
[   22.711011] alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106(gcm_base(ctr(aes-generic),ghash-generic))))
004 "road" #2: established Child SA using #1; IPsec tunnel [192.1.3.209-192.1.3.209:0-65535 0] -> [192.1.2.23-192.1.2.23:0-65535 0] {ESP/ESN=>0x82ea9c20 <0xf25afccf xfrm=AES_GCM_16_256-NONE DPD=passive}
[root@road ikev2-xfrmi-02]# # ip rule add prio 100 to 192.1.2.23/32 not fwmark 1/0xffffffff lookup 50
[root@road ikev2-xfrmi-02]# # sleep 2
[root@road ikev2-xfrmi-02]# # ip route add table 50 192.1.2.23/32 dev ipsec0 src 192.1.3.209
[root@road ikev2-xfrmi-02]# ../../guestbin/ping-once.sh --up 192.1.2.23
==== cut ====
ping -q -n -c 1 -i 6 -w 5 192.1.2.23
==== tuc ====
==== cut ====
PING 192.1.2.23 (192.1.2.23) 56(84) bytes of data.

--- 192.1.2.23 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.498/0.498/0.498/0.000 ms
==== tuc ====
up
[root@road ikev2-xfrmi-02]# ip -s link show ipsec0
5: ipsec0@eth0: <NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none 
    RX: bytes  packets  errors  dropped missed  mcast   
    84         1        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    84         1        0       0       0       0       
[root@road ikev2-xfrmi-02]# ip rule show
0:	from all lookup local
100:	from all to 192.1.2.23 fwmark 0x4000 lookup 50
32766:	from all lookup main
32767:	from all lookup default
[root@road ikev2-xfrmi-02]# ip route show table 50
192.1.2.23 via 192.1.3.254 dev eth0 
[root@road ikev2-xfrmi-02]# ip route
default via 192.1.3.254 dev eth0 proto static 
192.1.2.23 dev ipsec0 scope link 
192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209 
[root@road ikev2-xfrmi-02]# # check if_id and mark in ip xfrm state
[root@road ikev2-xfrmi-02]# ip xfrm state
src 192.1.2.23 dst 192.1.3.209
	proto esp spi 0xf25afccf reqid 16389 mode tunnel
	replay-window 0 flag af-unspec esn
	output-mark 0x4000/0xffffffff
	aead rfc4106(gcm(aes)) 0xf31ade313b281c6e53951e8b8f2d08b91df5e63e227ac15aca469d685bfe8a1f480c17fe 128
	anti-replay esn context:
	 seq-hi 0x0, seq 0x1, oseq-hi 0x0, oseq 0x0
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 00000001 
	if_id 0x4000
src 192.1.3.209 dst 192.1.2.23
	proto esp spi 0x82ea9c20 reqid 16389 mode tunnel
	replay-window 0 flag af-unspec esn
	output-mark 0x4000/0xffffffff
	aead rfc4106(gcm(aes)) 0xaf43d2c715b8986fa314dbd7de30484c62a8d16a6524ccc25a3d4a6f84f1f81a9adfa7e1 128
	anti-replay esn context:
	 seq-hi 0x0, seq 0x0, oseq-hi 0x0, oseq 0x1
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 00000000 
	if_id 0x4000
[root@road ikev2-xfrmi-02]# echo done
done
[root@road ikev2-xfrmi-02]# >>>>>>>>>>cut>>>>>>>>>> final.sh <<<<<<<<<<tuc<<<<<<<<<<ipsec whack --trafficstatus
006 #2: "road", type=ESP, add_time=1641102170, inBytes=84, outBytes=84, id='@east'
[root@road ikev2-xfrmi-02]# >>>>>>>>>> post-mortem >>>>>>>>>>../../guestbin/post-mortem.sh
   PPID     PID    PGID     SID TTY        TPGID STAT   UID   TIME COMMAND
      1     759     759     759 ?             -1 Ssl      0   0:00 /usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
:
: checking shutting down pluto
:
ipsec whack --shutdown
pidof pluto
PASS: shutting down pluto
:
: checking core files
:
PASS: core files
:
: checking memory leaks
:
PASS: memory leaks
:
: checking reference leaks
:
PASS: reference leaks
:
: checking xfrm errors
:
ERROR: road: XfrmOutNoStates         	1
IGNORE: xfrm errors
:
: checking state/policy entries
:
PASS: state/policy entries
:
: checking selinux audit records
:
PASS: selinux audit records
:
: unload any selinux modules
:
[root@road ikev2-xfrmi-02]# <<<<<<<<<< post-mortem <<<<<<<<<<>>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<<tuc<<<<<<<<<<