/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 # loaded via ipsec.conf - no ipsec auto --keep yet
east #
 # Late in the game there will be a revival attempt; make it pause so
east #
 # it can be run manually.
east #
 ipsec whack --impair revival
east #
 echo "initdone"
initdone
east #
 # road is up; capture the kernel policy on east
east #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.2.0/24 dst 192.1.3.209/32
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.254
		proto esp reqid REQID mode tunnel
src 192.1.3.209/32 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.1.3.209/32 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
east #
 # road is down, east with autostart=keep should try to revive; while
east #
 # this is happening kernel-policy should still be in place
east #
 ../../guestbin/wait-for-pluto.sh 'supposed to remain up'
"road-eastnet-ikev2"[1] 192.1.2.254 #2: connection is supposed to remain up; revival attempt 1 scheduled in 0 seconds
east #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.2.0/24 dst 192.1.3.209/32
	dir out priority PRIORITY ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
east #
 # Now trigger the revival.  Since ROAD is down it will fail.  And
east #
 # being KEEP further revivals are abandoned.
east #
 ipsec whack --impair trigger_revival:2
"road-eastnet-ikev2"[1] 192.1.2.254: IMPAIR: dispatch REVIVAL; attempt 1 next in 5s to 192.1.2.254:6666 via 192.1.2.23:4500; received Delete/Notify
"road-eastnet-ikev2"[1] 192.1.2.254: reviving connection which received Delete/Notify but must remain up per local policy (serial $2)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: initiating IKEv2 connection to 192.1.2.254 using UDP
"road-eastnet-ikev2"[1] 192.1.2.254 #3: sent IKE_SA_INIT request to 192.1.2.254:UDP/6666
"road-eastnet-ikev2"[1] 192.1.2.254 #3: processed IKE_SA_INIT response from 192.1.2.254:UDP/6666 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=DH19}, initiating IKE_AUTH
"road-eastnet-ikev2"[1] 192.1.2.254 #3: sent IKE_AUTH request to 192.1.2.254:UDP/6666
"road-eastnet-ikev2"[1] 192.1.2.254 #3: initiator established IKE SA; authenticated peer using authby=secret and ID_FQDN '@road'
"road-eastnet-ikev2"[1] 192.1.2.254 #4: initiator established Child SA using #3; IPsec tunnel [192.0.2.0/24===192.1.3.209/32] {ESPinUDP/ESN=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE NATD=192.1.2.254:6666 DPD=passive}
east #
 # since the NAT port is still open road should allow recovery
east #
 ../../guestbin/wait-for-pluto.sh '^".*#4: initiator established Child SA using #3'
"road-eastnet-ikev2"[1] 192.1.2.254 #4: initiator established Child SA using #3; IPsec tunnel [192.0.2.0/24===192.1.3.209/32] {ESPinUDP/ESN=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE NATD=192.1.2.254:6666 DPD=passive}
east #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.2.0/24 dst 192.1.3.209/32
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.254
		proto esp reqid REQID mode tunnel
src 192.1.3.209/32 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.1.3.209/32 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
east #
 
