../../guestbin/prep.sh
ipsec.conf -> PATH/etc/ipsec.conf
ipsec.secrets -> PATH/etc/ipsec.secrets
rise #
 ifconfig ipsec1 create
rise #
 ifconfig ipsec1 -link2
rise #
 ifconfig ipsec1 inet tunnel 198.18.1.12 198.18.1.15
rise #
 ifconfig ipsec1 inet 198.18.12.12/24 198.18.15.15
rise #
 ifconfig ipsec1
ipsec1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	tunnel inet 198.18.1.12 --> 198.18.1.15
	status: active
	inet6 fe80::4f3:8d5f:332a:9410%ipsec1/64 ->  flags 0 scopeid 0x5
	inet 198.18.12.12/24 -> 198.18.15.15 flags 0
rise #
 ipsec _kernel policy
198.18.1.15[any] 198.18.1.12[any] 4(ipv4)
	in ipsec
	esp/transport//unique:8194
	spid=1 seq=3 pid=PID
	refcnt=0
198.18.1.15[any] 198.18.1.12[any] 41(ipv6)
	in discard
	spid=3 seq=2 pid=PID
	refcnt=0
198.18.1.12[any] 198.18.1.15[any] 4(ipv4)
	out ipsec
	esp/transport//unique:8194
	spid=2 seq=1 pid=PID
	refcnt=0
198.18.1.12[any] 198.18.1.15[any] 41(ipv6)
	out discard
	spid=4 seq=0 pid=PID
	refcnt=0
rise #
 ipsec start
Redirecting to: [initsystem]
Initializing NSS database
Starting pluto.
rise #
 ../../guestbin/wait-until-pluto-started
rise #
 ipsec add rise-set
"rise-set": command: 'ifconfig' 'ipsec1'
"rise-set": output: ipsec1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280\n\ttunnel inet 198.18.1.12 --> 198.18.
"rise-set": output: 1.15\n\tstatus: active\n\tinet6 fe80::4f3:8d5f:332a:9410%ipsec1/64 ->  flags 0 scopeid 0x5\n\tinet 198.18.
"rise-set": output: 12.12/24 -> 198.18.15.15 flags 0\n
"rise-set": eof: 0; exited yes(0); signaled: no(0); stopped: no(0); core: no
"rise-set": added IKEv2 connection
rise #
 ipsec up rise-set
"rise-set" #1: initiating IKEv2 connection to 198.18.1.15 using UDP
"rise-set" #1: sent IKE_SA_INIT request to 198.18.1.15:UDP/500
"rise-set" #1: processed IKE_SA_INIT response from 198.18.1.15:UDP/500 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=DH19}, initiating IKE_AUTH
"rise-set" #1: sent IKE_AUTH request to 198.18.1.15:UDP/500 with shared-key-mac and FQDN '@west'; Child SA #2 {ESP <0xESPESP}
"rise-set" #1: initiator established IKE SA; authenticated peer using authby=secret and FQDN '@east'
"rise-set" #2: BSD doesn't add kernel-policy to an ipsec-interface (ipsec1@vioif2)
"rise-set" #2: command: 'ifconfig' 'ipsec1' 'up'
"rise-set" #2: eof: 0; exited yes(0); signaled: no(0); stopped: no(0); core: no
"rise-set" #2: BSD doesn't add kernel-policy to an ipsec-interface (ipsec1@vioif2)
"rise-set" #2: initiator established Child SA using #1; IPsec tunnel [198.18.15.0/24===192.19.12.0/24] {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
rise #
 ../../guestbin/ping-once.sh --up -I 198.18.12.12 198.18.15.15
up
rise #
 ipsec _kernel state
198.18.1.12 198.18.1.15 
	esp mode=any spi=SPISPI(0xSPISPI) reqid=8194(0x00002002)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000002 replay=16 flags=0x00000000 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 28800(s)	soft: 28800(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 304(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 2	hard: 0	soft: 0
	sadb_seq=1 pid=PID refcnt=0
198.18.1.15 198.18.1.12 
	esp mode=any spi=SPISPI(0xSPISPI) reqid=8194(0x00002002)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000002 replay=16 flags=0x00000000 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 28800(s)	soft: 28800(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 208(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 2	hard: 0	soft: 0
	sadb_seq=0 pid=PID refcnt=0
rise #
 ipsec _kernel policy
198.18.1.15[any] 198.18.1.12[any] 4(ipv4)
	in ipsec
	esp/transport//unique:8194
	spid=1 seq=3 pid=PID
	refcnt=0
198.18.1.15[any] 198.18.1.12[any] 41(ipv6)
	in discard
	spid=3 seq=2 pid=PID
	refcnt=0
198.18.1.12[any] 198.18.1.15[any] 4(ipv4)
	out ipsec
	esp/transport//unique:8194
	spid=2 seq=1 pid=PID
	refcnt=0
198.18.1.12[any] 198.18.1.15[any] 41(ipv6)
	out discard
	spid=4 seq=0 pid=PID
	refcnt=0
rise #
 setkey -F
rise #
 ifconfig ipsec1 destroy
rise #
