/testing/guestbin/swan-prep --userland strongswan
west #
 ../../guestbin/strongswan-start.sh
west #
 ip link set down dev ipsec0 2> /dev/null > /dev/null
west #
 ip link del ipsec0 2> /dev/null > /dev/null
west #
 ip rule del pref 220 2> /dev/null > /dev/null
west #
 ip route del 192.0.2.0/24
west #
 ip route del 192.1.2.0/24 dev eth0 table 220 2> /dev/null > /dev/null
west #
 ip link add ipsec0 type xfrm if_id 2 dev eth0
west #
 swanctl  --load-conns
loaded connection 'west'
successfully loaded 1 connections, 0 unloaded
west #
 echo "initdone"
initdone
west #
 swanctl --initiate --child westnet-eastnet
[IKE] initiating IKE_SA west[1] to 192.1.2.23
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 192.1.2.45[500] to 192.1.2.23[500] (XXX bytes)
[NET] received packet: from 192.1.2.23[500] to 192.1.2.45[500] (XXX bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
[IKE] authentication of 'west' (myself) with pre-shared key
[IKE] establishing CHILD_SA westnet-eastnet{1}
[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
[NET] sending packet: from 192.1.2.45[500] to 192.1.2.23[500] (XXX bytes)
[NET] received packet: from 192.1.2.23[500] to 192.1.2.45[500] (XXX bytes)
[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
[IKE] authentication of 'east' with pre-shared key successful
[IKE] IKE_SA west[1] established between 192.1.2.45[west]...192.1.2.23[east]
[IKE] scheduling rekeying in XXXs
[IKE] maximum IKE_SA lifetime XXXs
[CFG] selected proposal: ESP:AES_GCM_16_128
[IKE] CHILD_SA westnet-eastnet{1} established with SPIs SPISPI_i SPISPI_o and TS 192.0.1.0/24 === 192.0.2.0/24
initiate completed successfully
west #
 ping -n -q -w 4 -c 4 -I 192.0.1.254 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
--- 192.0.2.254 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time XXXX
west #
 ip xfrm policy
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir out priority PRIORITY ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
	if_id 0x2
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir fwd priority PRIORITY ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
	if_id 0x2
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir in priority PRIORITY ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
	if_id 0x2
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir fwd priority PRIORITY ptype main 
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir in priority PRIORITY ptype main 
src 192.1.2.0/24 dst 192.1.2.0/24 
	dir out priority PRIORITY ptype main 
src 192.0.1.0/24 dst 192.0.1.0/24 
	dir fwd priority PRIORITY ptype main 
src 192.0.1.0/24 dst 192.0.1.0/24 
	dir in priority PRIORITY ptype main 
src 192.0.1.0/24 dst 192.0.1.0/24 
	dir out priority PRIORITY ptype main 
west #
 ip xfrm state
src 192.1.2.45 dst 192.1.2.23
	if_id 0x2
src 192.1.2.23 dst 192.1.2.45
	if_id 0x2
west #
 ip link set up dev ipsec0
west #
 ip route add 192.0.2.0/24 dev ipsec0
west #
 ping -n -q -w 4 -c 4 -I 192.0.1.254 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
--- 192.0.2.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time XXXX
rtt min/avg/max/mdev = 0.XXX/0.XXX/0.XXX/0.XXX ms
west #
 ip -s link show ipsec0
X: ipsec0@eth0: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    RX: bytes  packets  errors  dropped missed  mcast   
    336        4        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    336        4        0       0       0       0       
west #
 ip rule show
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
west #
 ip route
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 dev ipsec0 scope link
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
west #
 ip route show table 220
throw 192.0.1.0/24
throw 192.0.2.0/24
throw 192.1.2.0/24
west #
 
