/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 # stock IKEv2
west #
 ./host4.sh s0-s1 leftsubnet=	                  rightsubnet=1.1.1.1/32
 ipsec addconn --name s0-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet= rightsubnet=1.1.1.1/32
"s0-s1": failed to add connection: leftsubnet= invalid, empty field
 ipsec connectionstatus s0-s1
west #
 ./host4.sh s1-s1 leftsubnet=2.2.2.1/32            rightsubnet=1.1.1.1/32
 ipsec addconn --name s1-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 rightsubnet=1.1.1.1/32
"s1-s1": added IKEv2 connection
 ipsec connectionstatus s1-s1
"s1-s1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s1-s2 leftsubnet=2.2.2.1/32            rightsubnet=1.1.1.1/32,1.1.1.2/32
 ipsec addconn --name s1-s2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 rightsubnet=1.1.1.1/32,1.1.1.2/32
"s1-s2": connection is using multiple subnets
"s1-s2": added IKEv2 connection
 ipsec connectionstatus s1-s2
"s1-s2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s1-s2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s2-s1 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnet=1.1.1.1/32
 ipsec addconn --name s2-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnet=1.1.1.1/32
"s2-s1": connection is using multiple subnets
"s2-s1": added IKEv2 connection
 ipsec connectionstatus s2-s1
"s2-s1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s2-s1": 2.2.2.2/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s2-s2 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnet=1.1.1.1/32,1.1.1.2/32
 ipsec addconn --name s2-s2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnet=1.1.1.1/32,1.1.1.2/32
"s2-s2": connection is using multiple subnets
"s2-s2": added IKEv2 connection
 ipsec connectionstatus s2-s2
"s2-s2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s2-s2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
"s2-s2": 2.2.2.2/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s2-s2": 2.2.2.2/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
west #
 # IKEv1 doesn't do multiple selectors
west #
 ./host4.sh s1-s2 leftsubnet=2.2.2.1/32            rightsubnet=1.1.1.1/32,1.1.1.2/32 keyexchange=ikev1
 ipsec addconn --name s1-s2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 rightsubnet=1.1.1.1/32,1.1.1.2/32 keyexchange=ikev1
"s1-s2": failed to add connection: IKEv1 does not support rightsubnet= with multiple selectors without cisco-split=yes and rightmodecfgserver=yes
 ipsec connectionstatus s1-s2
west #
 # right is expanded to multiple connections
west #
 ./host4.sh s0-ss1 leftsubnet=                      rightsubnets=1.1.1.1/32
 ipsec addconn --name s0-ss1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet= rightsubnets=1.1.1.1/32
"s0-ss1": failed to add connection: leftsubnet= invalid, empty string
 ipsec connectionstatus s0-ss1
west #
 ./host4.sh s1-ss1 leftsubnet=2.2.2.1/32            rightsubnets=1.1.1.1/32
 ipsec addconn --name s1-ss1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 rightsubnets=1.1.1.1/32
"s1-ss1/0x1": added IKEv2 connection
 ipsec connectionstatus s1-ss1
"s1-ss1/0x1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s1-ss2 leftsubnet=2.2.2.1/32            rightsubnets=1.1.1.1/32,1.1.1.2/32
 ipsec addconn --name s1-ss2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 rightsubnets=1.1.1.1/32,1.1.1.2/32
"s1-ss2/0x1": added IKEv2 connection
"s1-ss2/0x2": added IKEv2 connection
 ipsec connectionstatus s1-ss2
"s1-ss2/0x1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s1-ss2/0x2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s2-ss1 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32
 ipsec addconn --name s2-ss1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32
"s2-ss1": failed to add connection: multi-selector leftsubnet="2.2.2.1/32,2.2.2.2/32" combined with rightsubnets="1.1.1.1/32"
 ipsec connectionstatus s2-ss1
west #
 ./host4.sh s2-ss2 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32,1.1.1.2/32
 ipsec addconn --name s2-ss2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32,1.1.1.2/32
"s2-ss2": failed to add connection: multi-selector leftsubnet="2.2.2.1/32,2.2.2.2/32" combined with rightsubnets="1.1.1.1/32,1.1.1.2/32"
 ipsec connectionstatus s2-ss2
west #
 # both left and right are expanded to multiple connections
west #
 ./host4.sh ss0-ss1 leftsubnets=                      rightsubnets=1.1.1.1/32
 ipsec addconn --name ss0-ss1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets= rightsubnets=1.1.1.1/32
"ss0-ss1/0x1": added IKEv2 connection
 ipsec connectionstatus ss0-ss1
"ss0-ss1/0x1": 192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh ss1-ss1 leftsubnets=2.2.2.1/32            rightsubnets=1.1.1.1/32
 ipsec addconn --name ss1-ss1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets=2.2.2.1/32 rightsubnets=1.1.1.1/32
"ss1-ss1/1x1": added IKEv2 connection
 ipsec connectionstatus ss1-ss1
"ss1-ss1/1x1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh ss1-ss2 leftsubnets=2.2.2.1/32            rightsubnets=1.1.1.1/32,1.1.1.2/32
 ipsec addconn --name ss1-ss2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets=2.2.2.1/32 rightsubnets=1.1.1.1/32,1.1.1.2/32
"ss1-ss2/1x1": added IKEv2 connection
"ss1-ss2/1x2": added IKEv2 connection
 ipsec connectionstatus ss1-ss2
"ss1-ss2/1x1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"ss1-ss2/1x2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh ss2-ss1 leftsubnets=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32
 ipsec addconn --name ss2-ss1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32
"ss2-ss1/1x1": added IKEv2 connection
"ss2-ss1/2x1": added IKEv2 connection
 ipsec connectionstatus ss2-ss1
"ss2-ss1/1x1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"ss2-ss1/2x1": 2.2.2.2/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh ss2-ss2 leftsubnets=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32,1.1.1.2/32
 ipsec addconn --name ss2-ss2 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets=2.2.2.1/32,2.2.2.2/32 rightsubnets=1.1.1.1/32,1.1.1.2/32
"ss2-ss2/1x1": added IKEv2 connection
"ss2-ss2/1x2": added IKEv2 connection
"ss2-ss2/2x1": added IKEv2 connection
"ss2-ss2/2x2": added IKEv2 connection
 ipsec connectionstatus ss2-ss2
"ss2-ss2/1x1": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"ss2-ss2/1x2": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
"ss2-ss2/2x1": 2.2.2.2/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"ss2-ss2/2x2": 2.2.2.2/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.2/32; unrouted; my_ip=unset; their_ip=unset;
west #
 # left accumulates both
west #
 ./host4.sh s1ss1-s1 leftsubnet=2.2.2.1/32            leftsubnets=2.2.2.3/32            rightsubnet=1.1.1.1/32
 ipsec addconn --name s1ss1-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 leftsubnets=2.2.2.3/32 rightsubnet=1.1.1.1/32
"s1ss1-s1/0x0": added IKEv2 connection
"s1ss1-s1/1x0": added IKEv2 connection
 ipsec connectionstatus s1ss1-s1
"s1ss1-s1/0x0": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s1ss1-s1/1x0": 2.2.2.3/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s1ss2-s1 leftsubnet=2.2.2.1/32            leftsubnets=2.2.2.3/32,2.2.2.4/32 rightsubnet=1.1.1.1/32
 ipsec addconn --name s1ss2-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 leftsubnets=2.2.2.3/32,2.2.2.4/32 rightsubnet=1.1.1.1/32
"s1ss2-s1/0x0": added IKEv2 connection
"s1ss2-s1/1x0": added IKEv2 connection
"s1ss2-s1/2x0": added IKEv2 connection
 ipsec connectionstatus s1ss2-s1
"s1ss2-s1/0x0": 2.2.2.1/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s1ss2-s1/1x0": 2.2.2.3/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
"s1ss2-s1/2x0": 2.2.2.4/32===192.1.2.45[@west]...192.1.2.23[@east]===1.1.1.1/32; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s2ss1-s1 leftsubnet=2.2.2.1/32,2.2.2.2/32 leftsubnets=2.2.2.3/32            rightsubnet=1.1.1.1/32
 ipsec addconn --name s2ss1-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 leftsubnets=2.2.2.3/32 rightsubnet=1.1.1.1/32
"s2ss1-s1": failed to add connection: multi-selector leftsubnet="2.2.2.1/32,2.2.2.2/32" combined with leftsubnets="2.2.2.3/32"
 ipsec connectionstatus s2ss1-s1
west #
 ./host4.sh s2ss2-s1 leftsubnet=2.2.2.1/32,2.2.2.2/32 leftsubnets=2.2.2.3/32,2.2.2.4/32 rightsubnet=1.1.1.1/32
 ipsec addconn --name s2ss2-s1 leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 leftsubnets=2.2.2.3/32,2.2.2.4/32 rightsubnet=1.1.1.1/32
"s2ss2-s1": failed to add connection: multi-selector leftsubnet="2.2.2.1/32,2.2.2.2/32" combined with leftsubnets="2.2.2.3/32,2.2.2.4/32"
 ipsec connectionstatus s2ss2-s1
west #
 # protoport only works with one subnet=
west #
 ./host4.sh s0p  leftsubnet=                      leftprotoport=tcp/22
 ipsec addconn --name s0p leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet= leftprotoport=tcp/22
"s0p": failed to add connection: leftsubnet= invalid, empty field
 ipsec connectionstatus s0p
west #
 ./host4.sh s1p  leftsubnet=2.2.2.1/32            leftprotoport=tcp/22
 ipsec addconn --name s1p leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32 leftprotoport=tcp/22
"s1p": added IKEv2 connection
 ipsec connectionstatus s1p
"s1p": 2.2.2.1/32/TCP/22===192.1.2.45[@west]...192.1.2.23[@east]; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s2p  leftsubnet=2.2.2.1/32,2.2.2.2/32 leftprotoport=tcp/22
 ipsec addconn --name s2p leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnet=2.2.2.1/32,2.2.2.2/32 leftprotoport=tcp/22
"s2p": failed to add connection: leftsubnet= must be a single subnet when combined with leftprotoport=
 ipsec connectionstatus s2p
west #
 # however, protoport works with multiple subnets=
west #
 ./host4.sh s0p  leftsubnets=                      leftprotoport=tcp/22
 ipsec addconn --name s0p leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets= leftprotoport=tcp/22
"s0p/0x0": added IKEv2 connection
 ipsec connectionstatus s0p
"s0p/0x0": 192.1.2.45/32/TCP/22===192.1.2.45[@west]...192.1.2.23[@east]; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s1p  leftsubnets=2.2.2.1/32            leftprotoport=tcp/22
 ipsec addconn --name s1p leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets=2.2.2.1/32 leftprotoport=tcp/22
"s1p/1x0": added IKEv2 connection
 ipsec connectionstatus s1p
"s1p/1x0": 2.2.2.1/32/TCP/22===192.1.2.45[@west]...192.1.2.23[@east]; unrouted; my_ip=unset; their_ip=unset;
west #
 ./host4.sh s2p  leftsubnets=2.2.2.1/32,2.2.2.2/32 leftprotoport=tcp/22
 ipsec addconn --name s2p leftid=@west rightid=@east left=192.1.2.45 right=192.1.2.23 leftsubnets=2.2.2.1/32,2.2.2.2/32 leftprotoport=tcp/22
"s2p/1x0": added IKEv2 connection
"s2p/2x0": added IKEv2 connection
 ipsec connectionstatus s2p
"s2p/1x0": 2.2.2.1/32/TCP/22===192.1.2.45[@west]...192.1.2.23[@east]; unrouted; my_ip=unset; their_ip=unset;
"s2p/2x0": 2.2.2.2/32/TCP/22===192.1.2.45[@west]...192.1.2.23[@east]; unrouted; my_ip=unset; their_ip=unset;
west #
