/testing/guestbin/swan-prep
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# # confirm that the network is alive
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ../../pluto/bin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# # adding some routes to sow confusion on purpose
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route add 192.168.1.1 via 192.0.1.254 dev eth0
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route add 192.168.1.2 via 192.1.2.45 dev eth1
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route add 192.168.1.16/28 via 192.1.2.45 dev eth1
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route add 25.1.0.0/16 via 192.0.1.254
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route add 25.2.0.0/16 via 192.1.2.45
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec: 
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec auto --add westnet-all
002 added connection description "westnet-all"
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route list
default via 192.1.2.254 dev eth1 
25.1.0.0/16 via 192.0.1.254 dev eth0 
25.2.0.0/16 via 192.1.2.45 dev eth1 
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 
192.0.2.0/24 via 192.1.2.23 dev eth1 
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 
192.168.1.1 via 192.0.1.254 dev eth0 
192.168.1.2 via 192.1.2.45 dev eth1 
192.168.1.16/28 via 192.1.2.45 dev eth1 
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# for i in `seq 1 12`; do ipsec auto --add orient$i; done
002 added connection description "orient1"
002 added connection description "orient2"
002 added connection description "orient3"
002 added connection description "orient4"
002 added connection description "orient5"
002 added connection description "orient6"
002 added connection description "orient7"
002 added connection description "orient8"
002 added connection description "orient9"
002 added connection description "orient10"
002 added connection description "orient11"
002 added connection description "orient12"
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec auto --status |grep orient |grep "eroute owner"
000 "orient1": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient10": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient11": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient12": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient2": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient3": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient4": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient5": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient6": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient7": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient8": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient9": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec whack --impair suppress-retransmits
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec auto --up  westnet-all
002 "westnet-all" #1: initiating Main Mode
002 "westnet-all" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
102 "westnet-all" #1: STATE_MAIN_I1: initiate
002 "westnet-all" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
104 "westnet-all" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "westnet-all" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
106 "westnet-all" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "westnet-all" #1: Peer ID is ID_FQDN: '@east'
003 "westnet-all" #1: Authenticated using RSA
004 "westnet-all" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
002 "westnet-all" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:e79323e9 proposal=defaults pfsgroup=MODP2048}
002 "westnet-all" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
115 "westnet-all" #2: STATE_QUICK_I1: initiate
004 "westnet-all" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xdd36a0cf <0xe42489da xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ping -n -c 4 -I 192.0.1.254 192.0.2.254
PING 192.0.2.254 (192.0.2.254) from 192.0.1.254 : 56(84) bytes of data.
64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=0.099 ms
64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=0.091 ms
64 bytes from 192.0.2.254: icmp_seq=4 ttl=64 time=0.068 ms

--- 192.0.2.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 113ms
rtt min/avg/max/mdev = 0.068/0.084/0.099/0.011 ms
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec trafficstatus
006 #2: "westnet-all", type=ESP, add_time=0, inBytes=336, outBytes=336, id='@east'
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ip route list
default via 192.1.2.254 dev eth1 
25.1.0.0/16 via 192.0.1.254 dev eth0 
25.2.0.0/16 via 192.1.2.45 dev eth1 
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 
192.0.2.0/24 via 192.1.2.23 dev eth1 
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 
192.168.1.1 via 192.0.1.254 dev eth0 
192.168.1.2 via 192.1.2.45 dev eth1 
192.168.1.16/28 via 192.1.2.45 dev eth1 
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# # testing re-orienting
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec auto --replace westnet-all
002 "westnet-all": terminating SAs using this connection
002 "westnet-all" #2: deleting state (STATE_QUICK_I2) aged 3.530s and sending notification
005 "westnet-all" #2: ESP traffic information: in=336B out=336B
002 "westnet-all" #1: deleting state (STATE_MAIN_I4) aged 3.593s and sending notification
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 "westnet-all": unroute-client output: Error: Peer netns reference is invalid.
002 added connection description "westnet-all"
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec auto --status |grep westnet
000 "westnet-all": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===0.0.0.0/0; unrouted; eroute owner: #0
000 "westnet-all":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "westnet-all":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "westnet-all":   our auth:rsasig, their auth:rsasig
000 "westnet-all":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "westnet-all":   labeled_ipsec:no;
000 "westnet-all":   policy_label:unset;
000 "westnet-all":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "westnet-all":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "westnet-all":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "westnet-all":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "westnet-all":   conn_prio: 24,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "westnet-all":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "westnet-all":   our idtype: ID_FQDN; our id=@west; their idtype: ID_FQDN; their id=@east
000 "westnet-all":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "westnet-all":   newest ISAKMP SA: #0; newest IPsec SA: #0;
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# echo done
done
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ../../pluto/bin/ipsec-look.sh
==== cut ====
start raw xfrm state:
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket in priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket out priority 0 ptype main \
src 0.0.0.0/0 dst 0.0.0.0/0 \	socket in priority 0 ptype main \
end raw xfrm state:
==== tuc ====
west Mon Aug 26 18:24:04 UTC 2019
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
25.1.0.0/16 via 192.0.1.254 dev eth0
25.2.0.0/16 via 192.1.2.45 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
192.168.1.1 via 192.0.1.254 dev eth0
192.168.1.2 via 192.1.2.45 dev eth1
192.168.1.16/28 via 192.1.2.45 dev eth1
NSS_CERTIFICATES

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ../../pluto/bin/xfrmcheck.sh
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.0.1.254:4500
000 interface eth0/eth0 192.0.1.254:500
000 interface eth1/eth1 192.1.2.45:4500
000 interface eth1/eth1 192.1.2.45:500
000  
000  
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=disabled
000  
000 config setup options:
000  
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
000 nssdir=/etc/ipsec.d, dumpdir=/tmp, statsbin=unset
000 dnssec-rootkey-file=/var/lib/unbound/root.key, dnssec-trusted=<unset>
000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec
000 pluto_version=v3.28-685-gbfd5aef521-master-s2, pluto_vendorid=OE-Libreswan-v3.28-685, audit-log=yes
000 nhelpers=-1, uniqueids=yes, dnssec-enable=yes, perpeerlog=no, logappend=no, logip=yes, shuntlifetime=900s, xfrmlifetime=30s
000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, ikebuf=0, msg_errqueue=yes, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
000 ocsp-trust-name=<unset>
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get
000 global-redirect=no, global-redirect-to=<unset>
000 secctx-attr-type=32001
000 debug: base+cpu-usage impair: suppress-retransmits
000  
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000  
000 Kernel algorithms supported:
000  
000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256
000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=SERPENT_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=TWOFISH_CBC, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128
000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384
000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512
000 algorithm AH/ESP auth: name=NONE, key-length=0
000  
000 IKE algorithms supported:
000  
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256
000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16
000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20
000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32
000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48
000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64
000 algorithm IKE PRF: name=AES_XCBC, hashlen=16
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000 algorithm IKE DH Key Exchange: name=DH31, bits=256
000  
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000  
000 Connection list:
000  
000 "orient1": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient1":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient1":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient1":   our auth:secret, their auth:secret
000 "orient1":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient1":   labeled_ipsec:no;
000 "orient1":   policy_label:unset;
000 "orient1":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient1":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient1":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient1":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient1":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient1":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient1":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: %none; their id=(none)
000 "orient1":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient1":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient10": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient10":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient10":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient10":   our auth:secret, their auth:secret
000 "orient10":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient10":   labeled_ipsec:no;
000 "orient10":   policy_label:unset;
000 "orient10":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient10":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient10":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient10":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient10":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient10":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient10":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient10":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient10":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient11": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient11":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient11":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient11":   our auth:secret, their auth:secret
000 "orient11":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient11":   labeled_ipsec:no;
000 "orient11":   policy_label:unset;
000 "orient11":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient11":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient11":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient11":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient11":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient11":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient11":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient11":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient11":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient12": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient12":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient12":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient12":   our auth:secret, their auth:secret
000 "orient12":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient12":   labeled_ipsec:no;
000 "orient12":   policy_label:unset;
000 "orient12":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient12":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient12":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient12":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient12":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient12":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient12":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient12":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient12":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient2": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient2":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient2":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient2":   our auth:secret, their auth:secret
000 "orient2":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient2":   labeled_ipsec:no;
000 "orient2":   policy_label:unset;
000 "orient2":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient2":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient2":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient2":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient2":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient2":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient2":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: %none; their id=(none)
000 "orient2":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient2":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient3": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient3":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient3":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient3":   our auth:secret, their auth:secret
000 "orient3":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient3":   labeled_ipsec:no;
000 "orient3":   policy_label:unset;
000 "orient3":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient3":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient3":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient3":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient3":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient3":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient3":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: %none; their id=(none)
000 "orient3":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient3":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient4": 192.1.2.45---192.1.2.254...%any; unrouted; eroute owner: #0
000 "orient4":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient4":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient4":   our auth:secret, their auth:secret
000 "orient4":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient4":   labeled_ipsec:no;
000 "orient4":   policy_label:unset;
000 "orient4":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient4":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient4":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient4":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient4":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient4":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient4":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: %none; their id=(none)
000 "orient4":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient4":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient5": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient5":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient5":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient5":   our auth:secret, their auth:secret
000 "orient5":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient5":   labeled_ipsec:no;
000 "orient5":   policy_label:unset;
000 "orient5":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient5":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient5":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient5":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient5":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient5":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient5":   our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient5":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient5":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient6": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient6":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient6":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient6":   our auth:secret, their auth:secret
000 "orient6":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient6":   labeled_ipsec:no;
000 "orient6":   policy_label:unset;
000 "orient6":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient6":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient6":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient6":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient6":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient6":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient6":   our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient6":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient6":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient7": 192.1.2.45<192.1.2.45>---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient7":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient7":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient7":   our auth:secret, their auth:secret
000 "orient7":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient7":   labeled_ipsec:no;
000 "orient7":   policy_label:unset;
000 "orient7":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient7":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient7":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient7":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient7":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient7":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient7":   our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient7":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient7":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient8": 192.1.2.45<192.1.2.45>...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient8":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient8":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient8":   our auth:secret, their auth:secret
000 "orient8":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient8":   labeled_ipsec:no;
000 "orient8":   policy_label:unset;
000 "orient8":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient8":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient8":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient8":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient8":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient8":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient8":   our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient8":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient8":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "orient9": 192.1.2.45---192.1.2.254...8.8.8.8<8.8.8.8>; unrouted; eroute owner: #0
000 "orient9":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "orient9":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "orient9":   our auth:secret, their auth:secret
000 "orient9":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "orient9":   labeled_ipsec:no;
000 "orient9":   policy_label:unset;
000 "orient9":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "orient9":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "orient9":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "orient9":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "orient9":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "orient9":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "orient9":   our idtype: ID_IPV4_ADDR; our id=%any; their idtype: ID_IPV4_ADDR; their id=8.8.8.8
000 "orient9":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "orient9":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "westnet-all": 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===0.0.0.0/0; unrouted; eroute owner: #0
000 "westnet-all":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "westnet-all":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "westnet-all":   our auth:rsasig, their auth:rsasig
000 "westnet-all":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "westnet-all":   labeled_ipsec:no;
000 "westnet-all":   policy_label:unset;
000 "westnet-all":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "westnet-all":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "westnet-all":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "westnet-all":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "westnet-all":   conn_prio: 24,0; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "westnet-all":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "westnet-all":   our idtype: ID_FQDN; our id=@west; their idtype: ID_FQDN; their id=@east
000 "westnet-all":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "westnet-all":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000  
000 Total IPsec connections: loaded 13, active 0
000  
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000  
000 Bare Shunt list:
000  
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# : ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ipsec whack --shutdown
002 shutting down
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566843844.250:243327): avc:  denied  { write } for  pid=8539 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=537796705 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/basic-pluto-02\[root@west basic-pluto-02]#