/testing/guestbin/swan-prep --userland strongswan
west #
 # confirm that the network is alive
west #
 ../../guestbin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../guestbin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ../../guestbin/strongswan-start.sh
west #
 echo "initdone"
initdone
west #
 swanctl --initiate --child westnet-eastnet-ikev1 --loglevel 0
[IKE] initiating Main Mode IKE_SA westnet-eastnet-ikev1[1] to 192.1.2.23
[IKE] IKE_SA westnet-eastnet-ikev1[1] established between 192.1.2.45[west]...192.1.2.23[east]
[IKE] CHILD_SA westnet-eastnet-ikev1{1} established with SPIs SPISPI_i SPISPI_o and TS 192.0.1.0/24 === 192.0.2.0/24
initiate completed successfully
west #
 ../../guestbin/ping-once.sh --up -I 192.0.1.254 192.0.2.254
up
west #
 echo done
done
west #
 if [ -f /var/run/pluto/pluto.pid ]; then ipsec _kernel state ; fi
west #
 if [ -f /var/run/pluto/pluto.pid ]; then ipsec _kernel policy ; fi
west #
 if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan statusall ; fi
Status of IKE charon daemon (strongSwan VERSION):
  uptime: XXX second, since YYY
  malloc sbrk XXXXXX,mmap X, used XXXXXX, free XXXXX
Listening IP addresses:
  192.0.1.254
  192.1.2.45
Connections:
westnet-eastnet-ikev1:  192.1.2.45...192.1.2.23  IKEv1
westnet-eastnet-ikev1:   local:  [west] uses pre-shared key authentication
westnet-eastnet-ikev1:   remote: [east] uses pre-shared key authentication
westnet-eastnet-ikev1:   child:  192.0.1.0/24 === 192.0.2.0/24 TUNNEL
Shunted Connections:
Bypass LAN 192.0.1.0/24:  192.0.1.0/24 === 192.0.1.0/24 PASS
Bypass LAN 192.1.2.0/24:  192.1.2.0/24 === 192.1.2.0/24 PASS
Security Associations (1 up, 0 connecting):
westnet-eastnet-ikev1[1]: ESTABLISHED XXX second ago, 192.1.2.45[west]...192.1.2.23[east]
westnet-eastnet-ikev1[1]: IKEv1 SPIs: SPISPI_i* SPISPI_r, pre-shared key reauthentication in 2 hours
westnet-eastnet-ikev1[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
westnet-eastnet-ikev1{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
westnet-eastnet-ikev1{1}:  AES_CBC_128/HMAC_SHA2_256_128/MODP_1536, XXX bytes_i (XX pkts, XXs ago), XXX bytes_o (XX pkts, XXs ago), rekeying in XX minutes
westnet-eastnet-ikev1{1}:   192.0.1.0/24 === 192.0.2.0/24
west #
