/testing/guestbin/swan-prep --x509
Preparing X.509 files
road #
 cp policies/* /etc/ipsec.d/policies/
road #
 echo "192.1.2.23/32"  >> /etc/ipsec.d/policies/private
road #
 ipsec start
Redirecting to: [initsystem]
road #
 /testing/pluto/bin/wait-until-pluto-started
road #
 # give OE policies time to load
road #
 sleep 5
road #
 ping -n -c 2 -I 192.1.3.209 192.1.2.23
PING 192.1.2.23 (192.1.2.23) from 192.1.3.209 : 56(84) bytes of data.
--- 192.1.2.23 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time XXXX
road #
 sleep 5
road #
 # should show no tunnels and no bare shunts and a state in STATE_PARENT_I1
road #
 ipsec whack --trafficstatus
road #
 ipsec whack --shuntstatus
000 Bare Shunt list:
000  
road #
 ipsec status |grep STATE_
000 #5: "private#192.1.2.23/32"[1] ...192.1.2.23:500 STATE_PARENT_I1 (sent IKE_SA_INIT request); EVENT_RETRANSMIT in -1s; idle;
road #
 # east triggered OE, we still have our #1 which is now obsoleted
road #
 sleep 30
road #
 # state #1 should be gone by now. State #2 and #3 should be there.
road #
 ipsec status |grep STATE_
000 #7: "private#192.1.2.23/32"[1] ...192.1.2.23:500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EVENT_SA_REKEY in XXs; newest ISAKMP; idle;
000 #8: "private#192.1.2.23/32"[1] ...192.1.2.23:500 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA established); EVENT_SA_REKEY in XXs; newest IPSEC; eroute owner; isakmp#7; idle;
road #
 # confirm it didn't create a shunt and did not nuke out policy
road #
 ipsec shuntstatus
000 Bare Shunt list:
000  
road #
 ip xfrm pol
src 192.1.3.209/32 dst 192.1.2.23/32 
	dir out priority 3129279 ptype main 
	tmpl src 192.1.3.209 dst 192.1.2.23
		proto esp reqid 16417 mode tunnel
src 192.1.2.23/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
	tmpl src 192.1.2.23 dst 192.1.3.209
		proto esp reqid 16417 mode tunnel
src 192.1.2.23/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
	tmpl src 192.1.2.23 dst 192.1.3.209
		proto esp reqid 16417 mode tunnel
src 192.1.2.253/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.2.253/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.2.253/32 
	dir out priority 3129279 ptype main 
src 192.1.3.253/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.3.253/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.3.253/32 
	dir out priority 3129279 ptype main 
src 192.1.3.254/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.3.254/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.3.254/32 
	dir out priority 3129279 ptype main 
src 192.1.2.254/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.2.254/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.2.254/32 
	dir out priority 3129279 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
road #
 sleep 30
road #
 sleep 30
road #
 # show shuntlife= was reached - it should not have slaughtered the IPsec SA
road #
 ipsec shuntstatus
000 Bare Shunt list:
000  
road #
 ip xfrm pol
src 192.1.3.209/32 dst 192.1.2.23/32 
	dir out priority 3129279 ptype main 
	tmpl src 192.1.3.209 dst 192.1.2.23
		proto esp reqid 16417 mode tunnel
src 192.1.2.23/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
	tmpl src 192.1.2.23 dst 192.1.3.209
		proto esp reqid 16417 mode tunnel
src 192.1.2.23/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
	tmpl src 192.1.2.23 dst 192.1.3.209
		proto esp reqid 16417 mode tunnel
src 192.1.2.253/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.2.253/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.2.253/32 
	dir out priority 3129279 ptype main 
src 192.1.3.253/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.3.253/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.3.253/32 
	dir out priority 3129279 ptype main 
src 192.1.3.254/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.3.254/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.3.254/32 
	dir out priority 3129279 ptype main 
src 192.1.2.254/32 dst 192.1.3.209/32 
	dir fwd priority 3129279 ptype main 
src 192.1.2.254/32 dst 192.1.3.209/32 
	dir in priority 3129279 ptype main 
src 192.1.3.209/32 dst 192.1.2.254/32 
	dir out priority 3129279 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
road #
 # a tunnel should have established
road #
 grep "negotiated connection" /tmp/pluto.log
"private#192.1.2.23/32"[1] ...192.1.2.23 #8: negotiated connection [192.1.3.209-192.1.3.209:0-65535 0] -> [192.1.2.23-192.1.2.23:0-65535 0]
road #
 ../bin/check-for-core.sh
road #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

