/testing/guestbin/swan-prep
road #
 ipsec start
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 ipsec auto --add eastnet-any
002 "eastnet-any": added IKEv2 connection
road #
 # confirm we have stock resolv.conf
road #
 cat /etc/resolv.conf
domain testing.libreswan.org
nameserver 192.1.3.254
road #
 echo initdone
initdone
road #
 ipsec auto --up eastnet-any
1v2 "eastnet-any"[1] 192.1.2.23 #1: initiating IKEv2 connection
1v2 "eastnet-any"[1] 192.1.2.23 #1: sent IKE_SA_INIT request to 192.1.2.23:500
1v2 "eastnet-any"[1] 192.1.2.23 #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
003 "eastnet-any"[1] 192.1.2.23 #1: initiator established IKE SA; authenticated peer using authby=secret and ID_FQDN '@east'
002 "eastnet-any"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 100.64.13.2
002 "eastnet-any"[1] 192.1.2.23 #2: received INTERNAL_IP4_DNS 1.2.3.4
002 "eastnet-any"[1] 192.1.2.23 #2: received INTERNAL_IP4_DNS 5.6.7.8
005 "eastnet-any"[1] 192.1.2.23 #2: Received INTERNAL_DNS_DOMAIN: libreswan.org
002 "eastnet-any"[1] 192.1.2.23 #2: up-client output: updating resolvconf
004 "eastnet-any"[1] 192.1.2.23 #2: initiator established Child SA using #1; IPsec tunnel [100.64.13.2-100.64.13.2:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] {ESP/ESN=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE DPD=passive}
road #
 # did we get our IP
road #
 ip addr show dev ipsec1
X: ipsec1@eth0: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    inet 100.64.13.2/32 scope 50 ipsec1
       valid_lft forever preferred_lft forever
road #
 ../../guestbin/ping-once.sh --up 192.0.2.254
up
road #
 ipsec whack --trafficstatus
006 #2: "eastnet-any"[1] 192.1.2.23, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, maxBytes=2^63B, id='@east', lease=100.64.13.2/32
road #
 # check to see if our resolv.conf got updated
road #
 cat /etc/resolv.conf
# Generated by Libreswan (IPsec)
domain testing.libreswan.org
search testing.libreswan.org libreswan.org
nameserver 1.2.3.4
nameserver 5.6.7.8
nameserver 192.1.3.254
road #
 # confirm resolv.conf is restored on down
road #
 ipsec auto --down eastnet-any
002 "eastnet-any"[1] 192.1.2.23: terminating SAs using this connection
002 "eastnet-any"[1] 192.1.2.23 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) and sending notification
005 "eastnet-any"[1] 192.1.2.23 #2: ESP traffic information: in=84B out=84B
002 "eastnet-any"[1] 192.1.2.23 #2: down-client output: restoring resolvconf
002 "eastnet-any"[1] 192.1.2.23: deleting connection instance with peer 192.1.2.23
road #
 cat /etc/resolv.conf
domain testing.libreswan.org
nameserver 192.1.3.254
road #
 # did we get our IP cleaned up
road #
 ip addr show dev ipsec1
X: ipsec1@eth0: <NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
road #
 echo done
done
road #
 ip rule
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
road #
 ip route
default via 192.1.3.254 dev eth0
192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209
road #
 ip route show table 50
Error: ipv4: FIB table does not exist.
Dump terminated
road #
 
