/testing/guestbin/swan-prep --userland strongswan
east #
 ../../guestbin/strongswan-start.sh
east #
 echo "initdone"
initdone
east #
 ipsec _kernel policy
src 192.0.2.0/24 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
src 192.0.2.0/24 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
src 192.0.2.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
src 192.1.2.0/24 dst 192.1.2.0/24
	dir fwd priority PRIORITY ptype main
src 192.1.2.0/24 dst 192.1.2.0/24
	dir in priority PRIORITY ptype main
src 192.1.2.0/24 dst 192.1.2.0/24
	dir out priority PRIORITY ptype main
src 192.0.1.0/24 dst 192.0.2.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid REQID mode tunnel
		level use
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.0.1.0/24 dst 192.0.2.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid REQID mode tunnel
		level use
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid REQID mode transport
src 192.0.2.0/24 dst 192.0.1.0/24
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp spi 0xSPISPI reqid REQID mode tunnel
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp spi 0xSPISPI reqid REQID mode transport
east #
 ipsec _kernel state
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 0 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.23 dst 192.1.2.45
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
	lastused YYYY-MM-DD HH:MM:SS
src 192.1.2.23 dst 192.1.2.45
	proto 4 spi 0xSPISPI reqid 0 mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha512) 0xHASHKEY 256
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.45 dst 192.1.2.23
	proto 4 spi 0xSPISPI reqid 0 mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	lastused YYYY-MM-DD HH:MM:SS
east #
 if [ -f /var/run/pluto/pluto.pid ]; then ipsec _kernel state ; fi
east #
 if [ -f /var/run/pluto/pluto.pid ]; then ipsec _kernel policy ; fi
east #
 if [ -f /var/run/charon.pid -o -f /var/run/strongswan/charon.pid ]; then strongswan statusall ; fi
Status of IKE charon daemon (strongSwan VERSION):
  uptime: XXX second, since YYY
  malloc sbrk XXXXXX,mmap X, used XXXXXX, free XXXXX
Listening IP addresses:
  192.0.2.254
  192.1.2.23
Connections:
westnet-eastnet-ikev2:  192.1.2.23...192.1.2.45  IKEv2
westnet-eastnet-ikev2:   local:  [east] uses pre-shared key authentication
westnet-eastnet-ikev2:   remote: [west] uses pre-shared key authentication
westnet-eastnet-ikev2:   child:  192.0.2.0/24 === 192.0.1.0/24 TUNNEL
Shunted Connections:
Bypass LAN 192.0.2.0/24:  192.0.2.0/24 === 192.0.2.0/24 PASS
Bypass LAN 192.1.2.0/24:  192.1.2.0/24 === 192.1.2.0/24 PASS
Security Associations (1 up, 0 connecting):
westnet-eastnet-ikev2[1]: ESTABLISHED XXX second ago, 192.1.2.23[east]...192.1.2.45[west]
westnet-eastnet-ikev2[1]: IKEv2 SPIs: SPISPI_i SPISPI_r*, pre-shared key reauthentication in 2 hours
westnet-eastnet-ikev2[1]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
westnet-eastnet-ikev2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: SPISPI_i SPISPI_o, IPCOMP CPIs: CPI_i CPI_o
westnet-eastnet-ikev2{1}:  AES_CBC_128/HMAC_SHA2_512_256, XXX bytes_i (XX pkts, XXs ago), XXX bytes_o (XX pkts, XXs ago), rekeying in XX minutes
westnet-eastnet-ikev2{1}:   192.0.2.0/24 === 192.0.1.0/24
east #
