/testing/guestbin/swan-prep
east #
 ip tunnel add eth3 mode gre local 192.1.2.23 remote 192.1.2.45
east #
 ip addr add 192.1.3.1/24 dev eth3
east #
 ip link set dev eth3 up
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add test1
"test1": added IKEv2 connection
east #
 ipsec auto --add test2
"test2": added IKEv2 connection
east #
 ipsec auto --add test3
"test3": added unoriented IKEv2 connection (neither left=192.1.3.3 nor right=192.1.3.2 match an interface)
east #
 ipsec auto --ready
listening for IKE messages
forgetting secrets
loading secrets from "/etc/ipsec.secrets"
east #
 ipsec auto --status | grep interface
using kernel interface: xfrm
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
interface eth0 UDP 192.0.2.254:4500
interface eth0 UDP 192.0.2.254:500
interface eth1 UDP 192.1.2.23:4500
interface eth1 UDP 192.1.2.23:500
interface eth3 UDP 192.1.3.1:4500
interface eth3 UDP 192.1.3.1:500
"test1":   conn_prio: 32,32; interface: eth3; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
"test2":   conn_prio: 32,32; interface: eth3; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
"test3":   conn_prio: 32,32; interface: ; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
east #
 ipsec auto --status | grep "[.][.][.]"
"test1": 192.1.3.1...192.1.3.2; unrouted; my_ip=unset; their_ip=unset;
"test2": 192.1.3.1...192.1.3.3; unrouted; my_ip=unset; their_ip=unset;
"test3": 192.1.3.3...192.1.3.2; unoriented; my_ip=unset; their_ip=unset;
east #
 ip addr add 192.1.3.3/24 dev eth3
east #
 ipsec auto --ready
listening for IKE messages
adding UDP interface eth3 192.1.3.3:500
adding UDP interface eth3 192.1.3.3:4500
"test3": oriented IKEv2 connection (local: left=192.1.3.3  remote: right=192.1.3.2)
"test2": connection matches both left eth3 192.1.3.1 and right eth3 192.1.3.3
"test2": terminating SAs using this connection
"test2" #3: deleting IKE SA (ESTABLISHED_IKE_SA) and sending notification
"test2" #4: unroute-host output: Device "NULL" does not exist.
"test2" #4: ESP traffic information: in=84B out=84B
forgetting secrets
loading secrets from "/etc/ipsec.secrets"
east #
 ipsec auto --status | grep "[.][.][.]"
"test1": 192.1.3.1...192.1.3.2; routed-tunnel; my_ip=unset; their_ip=unset;
"test2": 192.1.3.1...192.1.3.3; unoriented; my_ip=unset; their_ip=unset;
"test3": 192.1.3.3...192.1.3.2; unrouted; my_ip=unset; their_ip=unset;
east #
 ipsec auto --ready
listening for IKE messages
forgetting secrets
loading secrets from "/etc/ipsec.secrets"
east #
 ipsec auto --status | grep "[.][.][.]"
"test1": 192.1.3.1...192.1.3.2; routed-tunnel; my_ip=unset; their_ip=unset;
"test2": 192.1.3.1...192.1.3.3; unoriented; my_ip=unset; their_ip=unset;
"test3": 192.1.3.3...192.1.3.2; unrouted; my_ip=unset; their_ip=unset;
east #
 ipsec whack --shutdown
east #
 ip link set dev eth3 down
east #
 ip tunnel del eth3
east #
 
