/testing/guestbin/swan-prep
west # ipsec start
Redirecting to: [initsystem]
west # /testing/pluto/bin/wait-until-pluto-started
west # cp resolv.conf /etc
west # # need to disable ipv6 and activate auto-interface
west # cp west-unbound.conf /etc/unbound/unbound.conf
west # # will throw an error about bad unresolvable name
west # echo "initdone"
initdone
west # sleep 5
west # ipsec status |grep "===" # should show %dns for pending resolving
000 "named": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]---192.1.2.23...%dns[@east]===192.0.2.0/24; unrouted; eroute owner: #0
west # unbound-control-setup > /dev/null 2>&1
west # # test only: use a modified service file with the ExecStartPre lines stripped, which skips the ICANN root key checks
west # cat /lib/systemd/system/unbound.service | grep -v ExecStartPre > /etc/systemd/system/unbound.service
west # systemctl daemon-reload
west # systemctl start unbound.service
west # unbound-control local_data right.libreswan.org 3600 IN A 192.1.2.23
ok
west # # trigger DDNS event (saves us from waiting)
west # ipsec whack --ddns
002 updating pending dns lookups
002 "named" #1: initiating v2 parent SA
1v2 "named" #1: initiate
west # # give conn time to establish by itself
west # sleep 3
west # # tunnel should show up in final.sh
west # # remove the test resolv.conf; leaving it in place seems to slow down/hang shutdown
west # rm /etc/resolv.conf
west # echo done
done
west # ipsec whack --trafficstatus
006 #2: "named", type=ESP, add_time=1234567890, inBytes=0, outBytes=0, id='@east'
west # # clean up after ourselves
west # rm -f /etc/systemd/system/unbound.service
west #
west # ../bin/check-for-core.sh
west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi