/testing/guestbin/swan-prep
east #
 ip addr add 10.0.2.254 dev eth0
east #
 ipsec start
Redirecting to: systemctl start ipsec.service
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-01
002 added connection description "westnet-eastnet-01"
east #
 ipsec auto --add westnet-eastnet-02
002 added connection description "westnet-eastnet-02"
east #
 echo "initdone"
initdone
east #
 grep -v -P "\t0$" /proc/net/xfrm_stat
east #
 ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default
    link/ether 12:00:00:dc:bc:ff brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.254/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.0.2.254/32 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default
    link/ether 12:00:00:64:64:23 brd ff:ff:ff:ff:ff:ff
    inet 192.1.2.23/24 brd 192.1.2.255 scope global eth1
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default
    link/ether 12:00:00:32:64:23 brd ff:ff:ff:ff:ff:ff
    inet 192.9.2.23/24 brd 192.9.2.255 scope global eth2
       valid_lft forever preferred_lft forever
5: ip_vti0@NONE: <NOARP> mtu 1332 qdisc noop state DOWN group default
    link/ipip 0.0.0.0 brd 0.0.0.0
east #
 ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default
    link/ether 12:00:00:dc:bc:ff brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default
    link/ether 12:00:00:64:64:23 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default
    link/ether 12:00:00:32:64:23 brd ff:ff:ff:ff:ff:ff
5: ip_vti0@NONE: <NOARP> mtu 1332 qdisc noop state DOWN mode DEFAULT group default
    link/ipip 0.0.0.0 brd 0.0.0.0
east #
 ip route show
default via 192.1.2.254 dev eth1
192.0.1.0/24 via 192.1.2.45 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
192.9.2.0/24 dev eth2 proto kernel scope link src 192.9.2.23
east #
 ip xfrm state
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128
east #
 ip xfrm policy
src 10.0.2.0/24 dst 10.0.1.0/24 
	dir out priority 1042407 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
src 10.0.1.0/24 dst 10.0.2.0/24 
	dir fwd priority 1042407 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
src 10.0.1.0/24 dst 10.0.2.0/24 
	dir in priority 1042407 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir out priority 1042407 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir fwd priority 1042407 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir in priority 1042407 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
east #
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

