/testing/guestbin/swan-prep --userland strongswan
east #
 ../../guestbin/strongswan-start.sh
east #
 echo "initdone"
initdone
east #
 ../../guestbin/ipsec-look.sh
east NOW
XFRM state:
src 192.1.2.23 dst 192.1.33.222
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha256) 0xHASHKEY 128
	enc cbc(aes) 0xENCKEY
src 192.1.33.222 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha256) 0xHASHKEY 128
	enc cbc(aes) 0xENCKEY
XFRM policy:
src 192.0.2.0/24 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
src 192.0.2.0/24 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
src 192.0.2.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
src 192.1.2.0/24 dst 192.1.2.0/24
	dir fwd priority PRIORITY ptype main
src 192.1.2.0/24 dst 192.1.2.0/24
	dir in priority PRIORITY ptype main
src 192.1.2.0/24 dst 192.1.2.0/24
	dir out priority PRIORITY ptype main
src 192.0.2.0/24 dst 192.0.3.1/32
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.33.222
		proto esp spi 0xSPISPI reqid REQID mode tunnel
src 192.0.3.1/32 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.33.222 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.3.1/32 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.33.222 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 via 192.1.2.45 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
east #
 if [ -f /var/run/pluto/pluto.pid ]; then ipsec whack --trafficstatus ; fi
east #
 if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan status ; fi
Shunted Connections:
Bypass LAN 192.0.2.0/24:  192.0.2.0/24 === 192.0.2.0/24 PASS
Bypass LAN 192.1.2.0/24:  192.1.2.0/24 === 192.1.2.0/24 PASS
Security Associations (1 up, 0 connecting):
roadnet-eastnet-ikev2[2]: ESTABLISHED XXX second ago, 192.1.2.23[east]...192.1.33.222[road]
roadnet-eastnet-ikev2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o
roadnet-eastnet-ikev2{1}:   192.0.2.0/24 === 192.0.3.1/32
east #
 sleep 7
east #
 
