/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 # loaded via ipsec.conf - no ipsec auto --keep yet
east #
 # Late in the game there will be a revival attempt; make it pause so
east #
 # it can be run manually.
east #
 ipsec whack --impair revival
east #
 echo "initdone"
initdone
east #
 # road is up; capture the kernel policy on east
east #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.2.0/24 dst 192.1.3.209/32
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.254
		proto esp reqid REQID mode tunnel
src 192.1.3.209/32 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.1.3.209/32 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.254 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
east #
 # ROAD is down.  EAST, with autostart=keep which sets the UP bit, will
east #
 # schedule a revival event for NOW.  However, with revival impaired,
east #
 # won't actually schedule the event leaving the conn in revival-pending.
east #
 #
east #
 # While revival is pending, the kernel policy have transitioned to
east #
 # on-demand.
east #
 ../../guestbin/wait-for-pluto.sh '#2: IMPAIR: revival: skip scheduling revival event'
"road-eastnet-ikev2"[1] 192.1.2.254 #2: IMPAIR: revival: skip scheduling revival event
east #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.2.0/24 dst 192.1.3.209/32
	dir out priority PRIORITY ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
east #
 # Now trigger the revival.  Since ROAD is down it will fail.  And
east #
 # being KEEP further revivals are abandoned.
east #
 ipsec whack --impair trigger_revival:2
"road-eastnet-ikev2"[1] 192.1.2.254: IMPAIR: dispatch REVIVAL; attempt 1 next in 5s to 192.1.2.254:6666 via 192.1.2.23:4500; received Delete/Notify
"road-eastnet-ikev2"[1] 192.1.2.254: reviving connection which received Delete/Notify but must remain up per local policy (serial $2)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: initiating IKEv2 connection to 192.1.2.254 using UDP
"road-eastnet-ikev2"[1] 192.1.2.254 #3: sent IKE_SA_INIT request to 192.1.2.254:UDP/6666
"road-eastnet-ikev2"[1] 192.1.2.254 #3: ignoring IKE_SA_INIT response containing NO_PROPOSAL_CHOSEN notification (Message ID 0; message payloads N, missing SA,KE,Ni)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: IKE_SA_INIT_I: retransmission; will wait 0.5 seconds for response
"road-eastnet-ikev2"[1] 192.1.2.254 #3: ignoring IKE_SA_INIT response containing NO_PROPOSAL_CHOSEN notification (Message ID 0; message payloads N, missing SA,KE,Ni)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: IKE_SA_INIT_I: retransmission; will wait 1 seconds for response
"road-eastnet-ikev2"[1] 192.1.2.254 #3: ignoring IKE_SA_INIT response containing NO_PROPOSAL_CHOSEN notification (Message ID 0; message payloads N, missing SA,KE,Ni)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: IKE_SA_INIT_I: retransmission; will wait 2 seconds for response
"road-eastnet-ikev2"[1] 192.1.2.254 #3: ignoring IKE_SA_INIT response containing NO_PROPOSAL_CHOSEN notification (Message ID 0; message payloads N, missing SA,KE,Ni)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: IKE_SA_INIT_I: retransmission; will wait 4 seconds for response
"road-eastnet-ikev2"[1] 192.1.2.254 #3: ignoring IKE_SA_INIT response containing NO_PROPOSAL_CHOSEN notification (Message ID 0; message payloads N, missing SA,KE,Ni)
"road-eastnet-ikev2"[1] 192.1.2.254 #3: IKE_SA_INIT_I: 5 second timeout exceeded after 4 retransmits.  No response (or no acceptable response) to our first IKEv2 message
"road-eastnet-ikev2"[1] 192.1.2.254 #3: deleting IKE SA (sent IKE_SA_INIT request)
east #
 # but road is really down, so that fails; and everything is deleted
east #
 ../../guestbin/ipsec-kernel-policy.sh
east #
 # should be empty for east and road
east #
 ipsec showstates
east #
 # there should be no instance connections
east #
 ipsec status | grep "conn serial"
"road-eastnet-ikev2":   conn serial: $1;
east #
 
