/testing/guestbin/swan-prep --userland strongswan
east #
 ../../pluto/bin/strongswan-start.sh
east #
 echo "initdone"
initdone
east #
 # should see ipcomp entries
east #
 ip xfrm state
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 0 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.23 dst 192.1.2.45
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.23 dst 192.1.2.45
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode transport
	replay-window 32 
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 192.1.2.45 dst 192.1.2.23
	proto comp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
	comp deflate 
src 192.1.2.45 dst 192.1.2.23
	proto 4 spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag noecn nopmtudisc af-unspec
east #
 ip xfrm pol
src 192.0.2.0/24 dst 192.0.1.0/24 
	dir out priority 375423 ptype main 
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto comp spi 0xSPISPI reqid 1 mode tunnel
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp spi 0xSPISPI reqid 1 mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir fwd priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid 1 mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 1 mode transport
src 192.0.1.0/24 dst 192.0.2.0/24 
	dir in priority 375423 ptype main 
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto comp reqid 1 mode tunnel
		level use 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 1 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
src ::/0 dst ::/0 
	socket in priority 0 ptype main 
src ::/0 dst ::/0 
	socket out priority 0 ptype main 
east #
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

