/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
north #
 ipsec start
Redirecting to: [initsystem]
north #
 ../../guestbin/wait-until-pluto-started
north #
 ../../guestbin/block-non-ipsec.sh
north #
 ipsec auto --add north-pool
"north-pool": added IKEv1 connection
north #
 ipsec auto --add north-subnet1
"north-subnet1": added IKEv1 connection
north #
 ipsec auto --add north-subnet2
"north-subnet2": added IKEv1 connection
north #
 ipsec whack --trafficstatus
north #
 ipsec whack --impair suppress_retransmits
north #
 echo initdone
initdone
north #
 ipsec auto --up north-pool
"north-pool" #1: initiating IKEv1 Main Mode connection
"north-pool" #1: sent Main Mode request
"north-pool" #1: sent Main Mode I2
"north-pool" #1: sent Main Mode I3
"north-pool" #1: Peer ID is FQDN: '@east'
"north-pool" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"north-pool" #1: XAUTH: Answering XAUTH challenge with user='use3'
"north-pool" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"north-pool" #1: XAUTH: Successfully Authenticated
"north-pool" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"north-pool" #1: modecfg: Sending IP request (MODECFG_I1)
"north-pool" #1: received IPv4 lease 192.0.2.100, updating source IP address
"north-pool" #1: received INTERNAL_IP4_DNS server address 1.2.3.4
"north-pool" #1: received INTERNAL_IP4_DNS server address 5.6.7.8
"north-pool" #1: ignoring CISCO_SPLITs in MODE_CFG REPLY payload, cisco-split=no
"north-pool" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"north-pool" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKE_FRAG_ALLOW+ESN_NO+ESN_YES {using isakmp#1 msgid:MSGID proposal=AES_CBC-HMAC_SHA1_96, AES_CBC-HMAC_SHA2_512_256, AES_CBC-HMAC_SHA2_256_128, AES_GCM_16_128-NONE, AES_GCM_16_256-NONE, 3DES_CBC-HMAC_SHA1_96, 3DES_CBC-HMAC_SHA2_512_256, 3DES_CBC-HMAC_SHA2_256_128 pfsgroup=MODP2048 192.0.2.100/32===192.1.2.23/32}
"north-pool" #2: sent Quick Mode request
"north-pool" #2: up-client output: updating resolvconf
"north-pool" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive username=use3}
north #
 ipsec auto --up north-subnet1
"north-subnet1" #3: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKE_FRAG_ALLOW+ESN_NO+ESN_YES {using isakmp#1 msgid:MSGID proposal=AES_CBC-HMAC_SHA1_96, AES_CBC-HMAC_SHA2_512_256, AES_CBC-HMAC_SHA2_256_128, AES_GCM_16_128-NONE, AES_GCM_16_256-NONE, 3DES_CBC-HMAC_SHA1_96, 3DES_CBC-HMAC_SHA2_512_256, 3DES_CBC-HMAC_SHA2_256_128 pfsgroup=MODP2048 192.0.2.100/32===10.0.1.0/24}
"north-subnet1" #3: sent Quick Mode request
"north-subnet1" #3: up-client output: updating resolvconf
"north-subnet1" #3: up-client output: Current resolv.conf is generated by Libreswan, not creating a new backup
"north-subnet1" #3: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive username=use3}
north #
 ipsec auto --up north-subnet2
"north-subnet2" #4: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKE_FRAG_ALLOW+ESN_NO+ESN_YES {using isakmp#1 msgid:MSGID proposal=AES_CBC-HMAC_SHA1_96, AES_CBC-HMAC_SHA2_512_256, AES_CBC-HMAC_SHA2_256_128, AES_GCM_16_128-NONE, AES_GCM_16_256-NONE, 3DES_CBC-HMAC_SHA1_96, 3DES_CBC-HMAC_SHA2_512_256, 3DES_CBC-HMAC_SHA2_256_128 pfsgroup=MODP2048 192.0.2.100/32===10.0.2.0/24}
"north-subnet2" #4: sent Quick Mode request
"north-subnet2" #4: up-client output: updating resolvconf
"north-subnet2" #4: up-client output: Current resolv.conf is generated by Libreswan, not creating a new backup
"north-subnet2" #4: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive username=use3}
north #
 # Should show the lease ip is being used for all conns
north #
 ipsec whack --trafficstatus
#2: "north-pool", username=use3, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, lease=192.0.2.100/32
#3: "north-subnet1", username=use3, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, lease=192.0.2.100/32
#4: "north-subnet2", username=use3, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, lease=192.0.2.100/32
north #
 hostname | grep east > /dev/null && ipsec whack --trafficstatus
north #
 ipsec status | grep routed-tunnel
"north-pool": 192.0.2.100/32===192.1.3.33[@GroupID]---192.1.3.254...192.1.2.23[@east]; routed-tunnel; my_ip=192.0.2.100; their_ip=unset;
"north-pool":   routing: routed-tunnel; owner: IPsec SA #2; established ISAKMP SA: #1; established IPsec SA: #2;
"north-subnet1": 192.0.2.100/32===192.1.3.33[@GroupID]---192.1.3.254...192.1.2.23[@east]===10.0.1.0/24; routed-tunnel; my_ip=192.0.2.100; their_ip=unset;
"north-subnet1":   routing: routed-tunnel; owner: IPsec SA #3; established IPsec SA: #3;
"north-subnet2": 192.0.2.100/32===192.1.3.33[@GroupID]---192.1.3.254...192.1.2.23[@east]===10.0.2.0/24; routed-tunnel; my_ip=192.0.2.100; their_ip=unset;
"north-subnet2":   routing: routed-tunnel; owner: IPsec SA #4; established IPsec SA: #4;
north #
