/testing/guestbin/swan-prep
east #
 ip addr show dev eth0 | grep 192.0.200.254 || ip addr add 192.0.200.254/24 dev eth0:1
east #
 ip addr show dev eth0 | grep 192.0.201.254 || ip addr add 192.0.201.254/24 dev eth0:1
east #
 ip route show scope global | grep 192.0.100.0 || ip route add 192.0.100.0/24 via 192.1.2.45  dev eth1
east #
 ip route show scope global | grep 192.0.101.0 || ip route add 192.0.101.0/24 via 192.1.2.45  dev eth1
east #
 ipsec start
Redirecting to: [initsystem]
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add westnet-eastnet-ikev2a
002 added connection description "westnet-eastnet-ikev2a"
east #
 ipsec auto --add westnet-eastnet-ikev2b
002 added connection description "westnet-eastnet-ikev2b"
east #
 ipsec auto --add westnet-eastnet-ikev2c
002 added connection description "westnet-eastnet-ikev2c"
east #
 echo "initdone"
initdone
east #
 ipsec whack --trafficstatus
006 #12: "westnet-eastnet-ikev2a", type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='@west'
006 #13: "westnet-eastnet-ikev2b", type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='@west'
006 #14: "westnet-eastnet-ikev2c", type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='@west'
east #
 ipsec status |grep STATE_ | sort
000 #11: "westnet-eastnet-ikev2c":500 STATE_PARENT_R2 (received v2I2, PARENT SA established); EVENT_SA_REKEY in XXs; newest ISAKMP; idle;
000 #12: "westnet-eastnet-ikev2a":500 STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REKEY in XXs; newest IPSEC; eroute owner; isakmp#11; idle;
000 #13: "westnet-eastnet-ikev2b":500 STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REKEY in XXs; newest IPSEC; eroute owner; isakmp#11; idle;
000 #14: "westnet-eastnet-ikev2c":500 STATE_V2_IPSEC_R (IPsec SA established); EVENT_SA_REKEY in XXs; newest IPSEC; eroute owner; isakmp#11; idle;
east #
 # there should be only one IKE_INIT exchange created
east #
 grep "STATE_UNDEFINED(ignore) => STATE_PARENT" /tmp/pluto.log  |grep parent
| parent state #1: STATE_UNDEFINED(ignore) => STATE_PARENT_R1(half-open-ike)
east #
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi