/testing/guestbin/swan-prep --hostkeys
Creating NSS database containing host keys
east #
 ../../guestbin/ip.sh address add 10.0.2.254 dev eth0
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-01
"westnet-eastnet-01": added IKEv2 connection
east #
 ipsec auto --add westnet-eastnet-02
"westnet-eastnet-02": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 grep -v -P "\t0$" /proc/net/xfrm_stat
east #
 ../../guestbin/ip.sh address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    link/ether 12:00:00:dc:bc:ff brd ff:ff:ff:ff:ff:ff
    altname enp0s6
    altname ens6
    inet 192.0.2.254/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.0.2.254/32 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    link/ether 12:00:00:64:64:23 brd ff:ff:ff:ff:ff:ff
    altname enp0s8
    altname ens8
    inet 192.1.2.23/24 scope global eth1
       valid_lft forever preferred_lft forever
east #
 ../../guestbin/ip.sh link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 12:00:00:dc:bc:ff brd ff:ff:ff:ff:ff:ff
    altname enp0s6
    altname ens6
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 12:00:00:64:64:23 brd ff:ff:ff:ff:ff:ff
    altname enp0s8
    altname ens8
east #
 ../../guestbin/ip.sh route show
default via 192.1.2.254 dev eth1
192.0.1.0/24 via 192.1.2.45 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
east #
 ../../guestbin/ipsec-kernel-state.sh
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec esn
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 0, bitmap-length 0
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec esn
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 XXXXXXXX 
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec esn
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
	lastused YYYY-MM-DD HH:MM:SS
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 0, bitmap-length 0
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec esn
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
	lastused YYYY-MM-DD HH:MM:SS
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 XXXXXXXX 
east #
 ip xfrm policy
src 10.0.2.0/24 dst 10.0.1.0/24 
	dir out priority PRIORITY ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 10.0.1.0/24 dst 10.0.2.0/24 
	dir fwd priority PRIORITY ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 10.0.1.0/24 dst 10.0.2.0/24 
	dir in priority PRIORITY ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir out priority PRIORITY ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir fwd priority PRIORITY ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir in priority PRIORITY ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
east #
 
