/testing/guestbin/swan-prep --x509 Preparing X.509 files west # certutil -D -n east -d sql:/etc/ipsec.d west # ipsec start Redirecting to: [initsystem] west # /testing/pluto/bin/wait-until-pluto-started west # ipsec auto --add san 002 added connection description "san" west # echo "initdone" initdone west # ipsec whack --impair delete-on-retransmit west # # this should succeed west # ipsec auto --up san 002 "san" #1: initiating Aggressive Mode 002 "san" #1: I am sending a certificate request 1v1 "san" #1: STATE_AGGR_I1: initiate 002 "san" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' 003 "san" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification 003 "san" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. 002 "san" #1: X509: Certificate rejected for this connection 002 "san" #1: X509: CERT payload bogus or revoked 003 "san" #1: initial Aggressive Mode packet claiming to be from C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=NOTeast.testing.libreswan.org, E=user-east@testing.libreswan.org on 192.1.2.23:500 but no connection has been authorized 218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION 002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500 002 "san" #1: IMPAIR: retransmit so deleting SA 002 "san" #1: deleting state (STATE_AGGR_I1) and NOT sending notification west # echo "done" done west # # confirm the right ID types were sent/received west # grep "ID type" /tmp/pluto.log | sort | uniq | ID type: ID_DER_ASN1_DN (0x9) west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi