/testing/guestbin/swan-prep --x509 Preparing X.509 files kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# certutil -D -n east -d sql:/etc/ipsec.d kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: /etc/init.d/ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Starting pluto IKE daemon for IPsec: kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# ipsec auto --add san 002 added connection description "san" kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# ipsec whack --impair suppress-retransmits kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# # this should succeed kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# ipsec auto --up san 002 "san" #1: initiating Aggressive Mode 002 "san" #1: I am sending a certificate request 002 "san" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 110 "san" #1: STATE_AGGR_I1: initiate 002 "san" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' 003 "san" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification 003 "san" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. 002 "san" #1: X509: Certificate rejected for this connection 002 "san" #1: X509: CERT payload bogus or revoked 003 "san" #1: initial Aggressive Mode packet claiming to be from C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org on 192.1.2.23:500 but no connection has been authorized 218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION 002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500 kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# echo "done" done kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# # confirm the right ID types were sent/received kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# grep "ID type" /tmp/pluto.log | sort | uniq | ID type: ID_DER_ASN1_DN (0x9) kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# : ==== cut ==== kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert]# ipsec auto --status whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) kroot@swantest:/home/build/libreswan/testing/pluto/ikev1-x509-aggr-14-san-dn-fromcert\[root@west ikev1-x509-aggr-14-san-dn-fromcert 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh '../bin/check-for-core.sh' <<<<<<<<<