/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 ipsec certutil -D -n "Libreswan test CA for mainca - Libreswan"
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec whack --impair send_pkcs7_thingie
west #
 ipsec auto --add westnet-eastnet-x509
"westnet-eastnet-x509": added IKEv1 connection
west #
 ipsec whack --impair suppress_retransmits
west #
 echo "initdone"
initdone
west #
 ipsec auto --up westnet-eastnet-x509
"westnet-eastnet-x509" #1: initiating IKEv1 Main Mode connection
"westnet-eastnet-x509" #1: sent Main Mode request
"westnet-eastnet-x509" #1: sent Main Mode I2
"westnet-eastnet-x509" #1: IMPAIR: sending cert as pkcs7 blob
"westnet-eastnet-x509" #1: I am sending a certificate request
"westnet-eastnet-x509" #1: sent Main Mode I3
"westnet-eastnet-x509" #1: no Certificate Authority in NSS Certificate DB! certificate payloads discarded
"westnet-eastnet-x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
"westnet-eastnet-x509" #1: authenticated peer using preloaded certificate 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' and 3nnn-bit RSA with SHA1 signature issued by 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
"westnet-eastnet-x509" #1: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"westnet-eastnet-x509" #2: initiating Quick Mode IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"westnet-eastnet-x509" #2: sent Quick Mode request
"westnet-eastnet-x509" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
west #
 echo done
done
west #
 grep PKCS7 /tmp/pluto.log
|    cert encoding: CERT_PKCS7_WRAPPED_X509 (0x1)
|    cert encoding: CERT_PKCS7_WRAPPED_X509 (0x1)
west #
 ../../guestbin/ipsec-kernel-state.sh
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 XXXXXXXX 
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 XXXXXXXX 
west #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
west #
 
