../../guestbin/prep.sh
ipsec.conf -> PATH/etc/ipsec.conf
ipsec.secrets -> PATH/etc/ipsec.secrets
east #
 ifconfig ipsec1 create
east #
 ifconfig ipsec1 -link2
east #
 ifconfig ipsec1 inet tunnel 192.1.2.23 192.1.2.45
east #
 ifconfig ipsec1 inet 192.0.23.1/24 192.0.45.1
east #
 ifconfig ipsec1
ipsec1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	tunnel inet 192.1.2.23 --> 192.1.2.45
	status: active
	inet6 fe80::3003:81db:f7cd:2f31%ipsec1/64 ->  flags 0x2<TENTATIVE> scopeid 0x5
	inet 192.0.23.1/24 -> 192.0.45.1 flags 0
east #
 ../../guestbin/ipsec-kernel-policy.sh
192.1.2.45[any] 192.1.2.23[any] 4(ipv4)
	in ipsec
	esp/transport//unique#16385
	spid=1 seq=3 pid=PID
	refcnt=0
192.1.2.45[any] 192.1.2.23[any] 41(ipv6)
	in discard
	spid=3 seq=2 pid=PID
	refcnt=0
192.1.2.23[any] 192.1.2.45[any] 4(ipv4)
	out ipsec
	esp/transport//unique#16386
	spid=2 seq=1 pid=PID
	refcnt=0
192.1.2.23[any] 192.1.2.45[any] 41(ipv6)
	out discard
	spid=4 seq=0 pid=PID
	refcnt=0
east #
 ipsec start
Redirecting to: [initsystem]
Initializing NSS database
Starting pluto.
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec add east-west
"east-west": command: 'ifconfig' 'ipsec1'
"east-west": output: ipsec1: flags=0x8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280\n\ttunnel inet 192.1.2.23 --> 192.1.2.
"east-west": output: 45\n\tstatus: active\n\tinet6 fe80::3003:81db:f7cd:2f31%ipsec1/64 ->  flags 0x2<TENTATIVE> scopeid 0x5\n\t
"east-west": output: inet 192.0.23.1/24 -> 192.0.45.1 flags 0\n
"east-west": eof: 0; exited yes(0); signaled: no(0); stopped: no(0); core: no
"east-west": added IKEv2 connection
east #
 ../../guestbin/ping-once.sh --up -I 192.0.23.1 192.0.45.1
down UNEXPECTED
# fping  -c 1  --timeout 5s   --src 192.0.23.1 192.0.45.1
192.0.45.1 : [0], timed out (NaN avg, 100% loss) 192.0.45.1 : xmt/rcv/%loss = 1/0/100%
east #
 ../../guestbin/ipsec-kernel-state.sh
192.1.2.23 192.1.2.45 
	esp mode=any spi=SPISPI(0xSPISPI) reqid=16389(0x00004005)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=16 flags=0x00000000 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 28800(s)	soft: 28800(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=PID refcnt=0
192.1.2.45 192.1.2.23 
	esp mode=any spi=SPISPI(0xSPISPI) reqid=16389(0x00004005)
	E: aes-cbc  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	A: hmac-sha1  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
	seq=0x00000000 replay=16 flags=0x00000000 state=mature 
	created: TIMESTAMP	current: TIMESTAMP
	diff: N(s)	hard: 28800(s)	soft: 28800(s)
	last: TIMESTAMP	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=PID refcnt=0
east #
 ../../guestbin/ipsec-kernel-policy.sh
192.1.2.45[any] 192.1.2.23[any] 4(ipv4)
	in ipsec
	esp/transport//unique#16385
	spid=1 seq=3 pid=PID
	refcnt=0
192.1.2.45[any] 192.1.2.23[any] 41(ipv6)
	in discard
	spid=3 seq=2 pid=PID
	refcnt=0
192.1.2.23[any] 192.1.2.45[any] 4(ipv4)
	out ipsec
	esp/transport//unique#16386
	spid=2 seq=1 pid=PID
	refcnt=0
192.1.2.23[any] 192.1.2.45[any] 41(ipv6)
	out discard
	spid=4 seq=0 pid=PID
	refcnt=0
east #
 setkey -F
east #
 ifconfig ipsec1 destroy
east #
 
