/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 cp resolv.conf /etc
west #
 # need to disable ipv6 and activate auto-interface
west #
 cp west-unbound.conf /etc/unbound/unbound.conf
west #
 # will throw an error about bad unresolvable name
west #
 echo "initdone"
initdone
west #
 sleep 5
west #
 ipsec status |grep "===" # should show %dns for pending resolving
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
west #
 unbound-control-setup > /dev/null 2>&1
west #
 # use modified service file that skips ICANN root key checks
west #
 cat /lib/systemd/system/unbound.service | grep -v ExecStartPre > /etc/systemd/system/unbound.service
west #
 systemctl daemon-reload
west #
 systemctl start unbound.service
west #
 unbound-control local_data right.libreswan.org 3600 IN A 192.1.2.23
[1566825032] unbound-control[9552:0] error: connect: Connection refused for 127.0.0.1
west #
 # trigger DDNS event (saves us from waiting)
west #
 ipsec whack --ddns
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
west #
 # give conn time to establish by itself
west #
 sleep 3
west #
 # tunnel should show up in final.sh
west #
 # seems to slow down/hang shutdown
west #
 rm /etc/resolv.conf
rm: cannot remove '/etc/resolv.conf': Device or resource busy
west #
 echo done
done
west #
 ipsec whack --trafficstatus
whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
west #
 # clean up after ourselves
west #
 rm -f /etc/systemd/system/unbound.service
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi