/testing/guestbin/swan-prep
west #
 ../bin/algo-west-pluto.sh
protocol=esp
initiator_stack=netkey
responder_stack=netkey
version=ikev2
encrypt=aes integ=sha1
proto=encrypt algs= aes-sha1
check the stack is netkey
	protostack=netkey
confirm that the network is alive
destination -I 192.0.1.254 192.0.2.254 is alive
ensure that clear text does not get through
[ 00.00] IN=eth1 OUT= MAC=12:00:00:64:64:45:12:00:00:64:64:23:08:00 SRC=192.0.2.254 DST=192.0.1.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXXX PROTO=ICMP TYPE=0 CODE=0 ID=XXXX SEQ=1 
down
Redirecting to: [initsystem]
testing aes-sha1
+
+ encrypt-ikev2-aes-sha1
+
+ ipsec whack --name encrypt-ikev2-aes-sha1 --ikev2-allow --psk --esp aes-sha1 --encrypt --pfs --no-esn --id @west --host 192.1.2.45 --nexthop 192.1.2.23 --client 192.0.1.0/24 --to --id @east --host 192.1.2.23 --nexthop=192.1.2.45 --client 192.0.2.0/24
002 added connection description "encrypt-ikev2-aes-sha1"
+
002 "encrypt-ikev2-aes-sha1" #1: initiating v2 parent SA
1v2 "encrypt-ikev2-aes-sha1" #1: initiate
1v2 "encrypt-ikev2-aes-sha1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
1v2 "encrypt-ikev2-aes-sha1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "encrypt-ikev2-aes-sha1" #2: IKEv2 mode peer ID is ID_FQDN: '@east'
003 "encrypt-ikev2-aes-sha1" #2: Authenticated using authby=secret
002 "encrypt-ikev2-aes-sha1" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0]
004 "encrypt-ikev2-aes-sha1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
+
up
+
002 "encrypt-ikev2-aes-sha1": terminating SAs using this connection
002 "encrypt-ikev2-aes-sha1" #2: deleting state (STATE_V2_IPSEC_I) and sending notification
005 "encrypt-ikev2-aes-sha1" #2: ESP traffic information: in=84B out=84B
002 "encrypt-ikev2-aes-sha1" #1: deleting state (STATE_PARENT_I3) and sending notification
+
west #
 ../../pluto/bin/ipsec-look.sh
west NOW
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi