/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
east #
 # import real west+mainca
east #
 ipsec pk12util -W foobar -K '' -i /testing/x509/pkcs12/mainca/west.p12
pk12util: PKCS12 IMPORT SUCCESSFUL
east #
 # delete real main CA
east #
 ipsec certutil -D -n "Libreswan test CA for mainca - Libreswan"
east #
 # import fake east cert and fake main CA
east #
 ipsec pk12util -W foobar -K '' -i /testing/x509/fake/pkcs12/mainca/east.p12
pk12util: PKCS12 IMPORT SUCCESSFUL
east #
 # remove main CA - so real-west cannot be verified - rely on cert=west
east #
 ipsec certutil -D -n "Libreswan test CA for mainca - Libreswan"
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add ikev2-westnet-eastnet-x509-cr
"ikev2-westnet-eastnet-x509-cr": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 ../../guestbin/ipsec-kernel-state.sh
east #
 ../../guestbin/ipsec-kernel-policy.sh
east #
 
