[26-06-02 09:37:56] START switch_ipsec_vxlan
scenario: cases/switch_ipsec_vxlan.sh
header : build two switches and verify ipsec vxlan output connectivity
topology: sw1 172.248.0.241 <==== IPSec ====> sw2 172.248.0.242; svc 192.56.0.1 <---- VxLAN output - svc 192.56.0.2
topology: # Topology:
topology: # - Diagram:
topology: # sw1 172.248.0.241 <==== IPSec ====> sw2 172.248.0.242
topology: # svc 192.56.0.1 <---- VxLAN output - svc 192.56.0.2
topology: # plain VxLAN phase, then IPSec-protected phase
topology: # - Docker mgmt network: 172.248.0.0/24
topology: # sw1=172.248.0.241, sw2=172.248.0.242.
topology: # - OpenLAN service network "example": 192.56.0.0/24
topology: # sw1=192.56.0.1, sw2=192.56.0.2.
topology: # - IPSec tunnel:
topology: # sw1 <-> sw2 over mgmt addresses with shared PSK.
topology: # - Output link:
topology: # sw2 -> sw1 by vxlan output.
topology: # Validation:
topology: # sw2 can ping/perf to sw1 on plain vxlan output (no ipsec tunnel),
topology: # then repeat ping/perf after enabling ipsec tunnel on the same path.
Started switch pause container: tests-sw-ipsec1-pause
Started switch frr container: tests-sw-ipsec1-frr
Started switch ipsec container: tests-sw-ipsec1-ipsec
Started switch container: tests-sw-ipsec1
[26-06-02 09:37:56][ASSERT#0001][expect] at cases/switch_ipsec_vxlan.sh:54 fn=setup_sw1 retry=30 cmd="docker logs -f tests-sw-ipsec1" expect="Http.Start"
2026/06/02 09:37:57 INFO|root|Wait: ...
2026/06/02 09:37:57 INFO|root|Http.LoadToken: file:/etc/openlan/switch/token does not exist
2026/06/02 09:37:57 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002
2026/06/02 09:37:57 INFO|root|Http.Start 0.0.0.0:10000
[26-06-02 09:37:57][ASSERT#0001][OK] cost=1.029s
[26-06-02 09:37:57][ASSERT#0002][cmd] at cases/switch_ipsec_vxlan.sh:56 fn=setup_sw1 cmd="docker exec tests-sw-ipsec1 openlan network --name example add --address 192.56.0.1/24"
[26-06-02 09:37:58][ASSERT#0002][OK] cost=0.238s
[26-06-02 09:37:58][ASSERT#0003][cmd] at cases/switch_ipsec_vxlan.sh:57 fn=setup_sw1 cmd="docker exec tests-sw-ipsec1 openlan user add --name edge@example --password 123456"
# total 1
username password role lease
edge@example 123456 guest 2027-06-02T09
[26-06-02 09:37:58][ASSERT#0003][OK] cost=0.057s
Started switch pause container: tests-sw-ipsec2-pause
Started switch frr container: tests-sw-ipsec2-frr
Started switch ipsec container: tests-sw-ipsec2-ipsec
Started switch container: tests-sw-ipsec2
[26-06-02 09:37:59][ASSERT#0004][expect] at cases/switch_ipsec_vxlan.sh:76 fn=setup_sw2 retry=30 cmd="docker logs -f tests-sw-ipsec2" expect="Http.Start"
2026/06/02 09:37:59 INFO|root|Wait: ...
2026/06/02 09:37:59 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002
2026/06/02 09:37:59 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002
2026/06/02 09:37:59 INFO|root|Http.Start 0.0.0.0:10000
[26-06-02 09:38:00][ASSERT#0004][OK] cost=1.031s
[26-06-02 09:38:00][ASSERT#0005][cmd] at cases/switch_ipsec_vxlan.sh:78 fn=setup_sw2 cmd="docker exec tests-sw-ipsec2 openlan network --name example add --address 192.56.0.2/24"
[26-06-02 09:38:00][ASSERT#0005][OK] cost=0.250s
[26-06-02 09:38:00][ASSERT#0006][cmd] at cases/switch_ipsec_vxlan.sh:79 fn=setup_sw2 cmd="docker exec tests-sw-ipsec2 openlan user add --name edge@example --password 123456"
# total 1
username password role lease
edge@example 123456 guest 2027-06-02T09
[26-06-02 09:38:00][ASSERT#0006][OK] cost=0.063s
[26-06-02 09:38:00][ASSERT#0007][cmd] at cases/switch_ipsec_vxlan.sh:83 fn=setup_output cmd="docker exec tests-sw-ipsec1 openlan network --name example output add --remote 172.248.0.242 --protocol vxlan --segment 1056"
[26-06-02 09:38:00][ASSERT#0007][OK] cost=0.067s
[26-06-02 09:38:00][ASSERT#0008][cmd] at cases/switch_ipsec_vxlan.sh:84 fn=setup_output cmd="docker exec tests-sw-ipsec2 openlan network --name example output add --remote 172.248.0.241 --protocol vxlan --segment 1056"
[26-06-02 09:38:00][ASSERT#0008][OK] cost=0.076s
[26-06-02 09:38:00][ASSERT#0009][match] at cases/switch_ipsec_vxlan.sh:88 fn=test_vxlan_output_ping_without_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.374 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.336 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.293 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2072ms
[26-06-02 09:38:06][ASSERT#0009][OK] cost=6.283s
[26-06-02 09:38:06][ASSERT#0010][cmd] at cases/switch_ipsec_vxlan.sh:90 fn=test_vxlan_output_ping_without_ipsec cmd="docker exec tests-sw-ipsec1 openlan reload --save"
Save configuraion ... success
# reloading pid:42 ....
PID 42 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:442 ...
PID 442 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-02 09:38:07][ASSERT#0010][OK] cost=1.076s
[26-06-02 09:38:07][ASSERT#0011][cmd] at cases/switch_ipsec_vxlan.sh:91 fn=test_vxlan_output_ping_without_ipsec cmd="docker exec tests-sw-ipsec2 openlan reload --save"
Save configuraion ... success
# reloading pid:42 ....
PID 42 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:455 ...
PID 455 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-02 09:38:08][ASSERT#0011][OK] cost=1.068s
[26-06-02 09:38:08][ASSERT#0012][match] at cases/switch_ipsec_vxlan.sh:92 fn=test_vxlan_output_ping_without_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.173 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.312 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.271 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2065ms
[26-06-02 09:38:11][ASSERT#0012][OK] cost=2.124s
[26-06-02 09:38:11][ASSERT#0013][match] at cases/switch_ipsec_vxlan.sh:111 fn=test_vxlan_output_perf retry=30 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="0% packet loss"
PING 192.56.0.1 (192.56.0.1) 1200(1228) bytes of data.
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 971ms
rtt min/avg/max/mdev = 0.125/0.277/0.372/0.068 ms
[26-06-02 09:38:12][ASSERT#0013][OK] cost=1.042s
[26-06-02 09:38:12][ASSERT#0014][match] at cases/switch_ipsec_vxlan.sh:112 fn=test_vxlan_output_perf retry=5 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="rtt min/avg/max"
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 972ms
rtt min/avg/max/mdev = 0.070/0.221/0.279/0.047 ms
[26-06-02 09:38:13][ASSERT#0014][OK] cost=1.038s
[26-06-02 09:38:13][ASSERT#0015][cmd] at cases/switch_ipsec_vxlan.sh:114 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5206"
[26-06-02 09:38:13][ASSERT#0015][OK] cost=0.064s
[26-06-02 09:38:13][ASSERT#0016][match] at cases/switch_ipsec_vxlan.sh:115 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -c 192.56.0.1 -p 5206 -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-5.00 sec 15.4 GBytes 26.5 Gbits/sec 0 sender
[ 5] 0.00-5.03 sec 15.4 GBytes 26.3 Gbits/sec receiver
iperf Done.
[26-06-02 09:38:18][ASSERT#0016][OK] cost=5.233s
[26-06-02 09:38:18][ASSERT#0017][cmd] at cases/switch_ipsec_vxlan.sh:116 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5206"
[26-06-02 09:38:18][ASSERT#0017][OK] cost=0.056s
[26-06-02 09:38:18][ASSERT#0018][cmd] at cases/switch_ipsec_vxlan.sh:118 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5207"
[26-06-02 09:38:18][ASSERT#0018][OK] cost=0.051s
[26-06-02 09:38:18][ASSERT#0019][match] at cases/switch_ipsec_vxlan.sh:119 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -u -c 192.56.0.1 -p 5207 -b 100M -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
[ 5] 0.00-5.00 sec 59.6 MBytes 100 Mbits/sec 0.000 ms 0/44701 (0%) sender
[ 5] 0.00-5.04 sec 59.6 MBytes 99.2 Mbits/sec 0.001 ms 0/44701 (0%) receiver
iperf Done.
[26-06-02 09:38:23][ASSERT#0019][OK] cost=5.241s
[26-06-02 09:38:23][ASSERT#0020][cmd] at cases/switch_ipsec_vxlan.sh:120 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5207"
[26-06-02 09:38:23][ASSERT#0020][OK] cost=0.057s
[26-06-02 09:38:23][ASSERT#0021][cmd] at cases/switch_ipsec_vxlan.sh:96 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec1 openlan ipsec tunnel add --remote 172.248.0.242 --protocol vxlan --secret ea64d5b0c96c --localid sw1.ipsec.test --remoteid sw2.ipsec.test"
[26-06-02 09:38:24][ASSERT#0021][OK] cost=0.076s
[26-06-02 09:38:24][ASSERT#0022][cmd] at cases/switch_ipsec_vxlan.sh:97 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec2 openlan ipsec tunnel add --remote 172.248.0.241 --protocol vxlan --secret ea64d5b0c96c --localid sw2.ipsec.test --remoteid sw1.ipsec.test"
[26-06-02 09:38:24][ASSERT#0022][OK] cost=0.081s
[26-06-02 09:38:24][ASSERT#0023][match] at cases/switch_ipsec_vxlan.sh:98 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec1 openlan ipsec tunnel ls | grep 172.248.0.242" expect="erouted"
172.248.0.242 vxlan ea64d5b0c96c [sw1.ipsec.test]0 -> [sw2.ipsec.test]0 erouted
[26-06-02 09:38:25][ASSERT#0023][OK] cost=1.141s
[26-06-02 09:38:25][ASSERT#0024][match] at cases/switch_ipsec_vxlan.sh:99 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 openlan ipsec tunnel ls | grep 172.248.0.241" expect="erouted"
172.248.0.241 vxlan ea64d5b0c96c [sw2.ipsec.test]0 -> [sw1.ipsec.test]0 erouted
[26-06-02 09:38:25][ASSERT#0024][OK] cost=0.063s
[26-06-02 09:38:25][ASSERT#0025][match] at cases/switch_ipsec_vxlan.sh:100 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.223 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.368 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.525 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2039ms
[26-06-02 09:38:27][ASSERT#0025][OK] cost=2.097s
[26-06-02 09:38:27][ASSERT#0026][cmd] at cases/switch_ipsec_vxlan.sh:102 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec1 openlan reload --save"
Save configuraion ... success
# reloading pid:442 ....
PID 442 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:706 ...
PID 706 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-02 09:38:28][ASSERT#0026][OK] cost=1.076s
[26-06-02 09:38:28][ASSERT#0027][cmd] at cases/switch_ipsec_vxlan.sh:103 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec2 openlan reload --save"
Save configuraion ... success
# reloading pid:455 ....
PID 455 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:709 ...
PID 709 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-02 09:38:29][ASSERT#0027][OK] cost=1.070s
[26-06-02 09:38:29][ASSERT#0028][match] at cases/switch_ipsec_vxlan.sh:105 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec1 openlan ipsec tunnel ls | grep 172.248.0.242" expect="erouted"
172.248.0.242 vxlan ea64d5b0c96c [sw1.ipsec.test]0 -> [sw2.ipsec.test]0 erouted
[26-06-02 09:38:29][ASSERT#0028][OK] cost=0.065s
[26-06-02 09:38:29][ASSERT#0029][match] at cases/switch_ipsec_vxlan.sh:106 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 openlan ipsec tunnel ls | grep 172.248.0.241" expect="erouted"
172.248.0.241 vxlan ea64d5b0c96c [sw2.ipsec.test]0 -> [sw1.ipsec.test]0 erouted
[26-06-02 09:38:29][ASSERT#0029][OK] cost=0.073s
[26-06-02 09:38:29][ASSERT#0030][match] at cases/switch_ipsec_vxlan.sh:107 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.511 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.393 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
[26-06-02 09:38:31][ASSERT#0030][OK] cost=2.096s
[26-06-02 09:38:31][ASSERT#0031][match] at cases/switch_ipsec_vxlan.sh:111 fn=test_vxlan_output_perf retry=30 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="0% packet loss"
PING 192.56.0.1 (192.56.0.1) 1200(1228) bytes of data.
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 969ms
rtt min/avg/max/mdev = 0.195/0.407/0.645/0.110 ms
[26-06-02 09:38:32][ASSERT#0031][OK] cost=1.040s
[26-06-02 09:38:32][ASSERT#0032][match] at cases/switch_ipsec_vxlan.sh:112 fn=test_vxlan_output_perf retry=5 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="rtt min/avg/max"
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 970ms
rtt min/avg/max/mdev = 0.239/0.441/0.551/0.079 ms
[26-06-02 09:38:33][ASSERT#0032][OK] cost=1.033s
[26-06-02 09:38:33][ASSERT#0033][cmd] at cases/switch_ipsec_vxlan.sh:114 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5206"
[26-06-02 09:38:33][ASSERT#0033][OK] cost=0.047s
[26-06-02 09:38:34][ASSERT#0034][match] at cases/switch_ipsec_vxlan.sh:115 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -c 192.56.0.1 -p 5206 -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-5.00 sec 426 MBytes 715 Mbits/sec 4609 sender
[ 5] 0.00-5.04 sec 417 MBytes 695 Mbits/sec receiver
iperf Done.
[26-06-02 09:38:39][ASSERT#0034][OK] cost=5.226s
[26-06-02 09:38:39][ASSERT#0035][cmd] at cases/switch_ipsec_vxlan.sh:116 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5206"
[26-06-02 09:38:39][ASSERT#0035][OK] cost=0.050s
[26-06-02 09:38:39][ASSERT#0036][cmd] at cases/switch_ipsec_vxlan.sh:118 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5207"
[26-06-02 09:38:39][ASSERT#0036][OK] cost=0.057s
[26-06-02 09:38:39][ASSERT#0037][match] at cases/switch_ipsec_vxlan.sh:119 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -u -c 192.56.0.1 -p 5207 -b 100M -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
[ 5] 0.00-5.00 sec 59.6 MBytes 100 Mbits/sec 0.000 ms 0/46086 (0%) sender
[ 5] 0.00-5.04 sec 59.6 MBytes 99.2 Mbits/sec 0.051 ms 0/46086 (0%) receiver
iperf Done.
[26-06-02 09:38:44][ASSERT#0037][OK] cost=5.241s
[26-06-02 09:38:44][ASSERT#0038][cmd] at cases/switch_ipsec_vxlan.sh:120 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5207"
[26-06-02 09:38:44][ASSERT#0038][OK] cost=0.062s
[26-06-02 09:38:44][ASSERT#0039][cmd] at cases/switch_ipsec_vxlan.sh:126 fn=test_vxlan_output_remove cmd="docker exec tests-sw-ipsec2 openlan network --name example output rm --device xei1056"
[26-06-02 09:38:44][ASSERT#0039][OK] cost=0.096s
[26-06-02 09:38:44][ASSERT#0040][unmatch] at cases/switch_ipsec_vxlan.sh:127 fn=test_vxlan_output_remove retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" unexpected="bytes from"
Last output:
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
From 192.56.0.2 icmp_seq=1 Destination Host Unreachable
From 192.56.0.2 icmp_seq=2 Destination Host Unreachable
From 192.56.0.2 icmp_seq=3 Destination Host Unreachable
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2073ms
pipe 3
[26-06-02 09:40:34][ASSERT#0040][OK] cost=110.076s
[26-06-02 09:40:35] END switch_ipsec_vxlan status=PASS cost=159.400s