/testing/guestbin/swan-prep west # ipsec start Redirecting to: [initsystem] west # /testing/pluto/bin/wait-until-pluto-started west # echo "initdone" initdone west # # these conns should load west # # whack testing west # ipsec whack --name testmanual1 --encrypt --ikev2-allow --ipv4 --host 1.2.3.4 --authby=psk --to --host 2.3.4.5 --authby=rsasig 002 added connection description "testmanual1" west # ipsec whack --name testmanual2 --encrypt --ikev2-allow --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig 002 added connection description "testmanual2" west # ipsec whack --name testmanual3 --psk --encrypt --ikev2-allow --ipv4 --host 1.2.3.6 --authby=psk --to --host 2.3.4.7 --authby=psk 002 added connection description "testmanual3" west # # parser testing west # ipsec auto --add test-default while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test-default" west # ipsec auto --add test-v1-secret while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test-v1-secret" west # ipsec auto --add test-v1-rsasig while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test-v1-rsasig" west # ipsec auto --add test-passthrough while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test-passthrough" west # ipsec auto --add test1 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test1" west # ipsec auto --add test2 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test2" west # ipsec auto --add test3 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test3" west # ipsec auto --add test5 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test5" west # ipsec auto --add test6 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test6" west # ipsec auto --add test7 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test7" west # ipsec auto --add test8 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test8" west # ipsec auto --add test9 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 002 added connection description "test9" west # echo "all remaining tests should fail" all remaining tests should fail west # # whack testing west # ipsec whack --name failtestmanual1 --ikev2-allow --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig 036 Failed to add connection "failtestmanual1": non-shunt connection must have AH or ESP west # ipsec whack --name failtestmanual2 --ikev1-allow --encrypt --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig 036 Failed to add connection "failtestmanual2": leftauth= and rightauth= require ikev2 west # ipsec whack --name failtestmanual3 --psk --encrypt --ikev2-allow --ipv4 --host 1.2.3.4 --authby=null --to --host 2.3.4.5 --authby=rsasig 036 Failed to add connection "failtestmanual3": leftauth=null is unequal to rightauth=rsasig so authby=PSK must not be set west # ipsec whack --name failtestmanual4 --rsasig --encrypt --ikev2-allow --ipv4 --host 1.2.3.4 --authby=null --to --host 2.3.4.5 --authby=rsasig 036 Failed to add connection "failtestmanual4": leftauth=null is unequal to rightauth=rsasig so authby=RSASIG must not be set west # # parser testing west # ipsec auto --add failtest0 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest0": cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null) west # ipsec auto --add failtest1 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest1": leftauth= and rightauth= require ikev2 west # ipsec auto --add failtest2 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest2": leftauth=rsasig is unequal to rightauth=secret so authby=PSK must not be set west # ipsec auto --add failtest3 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest3": leftauth=rsasig is unequal to rightauth=secret so authby=RSASIG must not be set west # ipsec auto --add failtest4 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest4": leftauth=rsasig is unequal to rightauth=secret so authby=AUTHNULL must not be set west # ipsec auto --add failtest5 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest5": leftauth= and rightauth= must both be set or both be unset west # ipsec auto --add failtest6 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest6": leftauth= and rightauth= must both be set or both be unset west # ipsec auto --add failtest7 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest7": leftauth= and rightauth= must both be set or both be unset west # ipsec auto --add failtest8 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest8": shunt connection cannot have authentication method other then authby=never west # ipsec auto --add failtest9 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never 036 Failed to add connection "failtest9": leftauth= / rightauth= options are invalid for type=passthrough connection west # ipsec auto --add failtest10 while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never addconn, in config '/etc/ipsec.conf', ignoring: connection allowing ikev1 must use authby= of rsasig, secret or never conn failtest10 did not load properly west # echo "Showing policies of all loaded connections" Showing policies of all loaded connections west # ipsec status | grep -E 'policy: |our auth:' 000 "test-default": our auth:rsasig, their auth:rsasig 000 "test-default": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test-passthrough": our auth:unset, their auth:unset 000 "test-passthrough": policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE; 000 "test-v1-rsasig": our auth:rsasig, their auth:rsasig 000 "test-v1-rsasig": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test-v1-secret": our auth:secret, their auth:secret 000 "test-v1-secret": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test1": our auth:secret, their auth:secret 000 "test1": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test2": our auth:rsasig, their auth:rsasig 000 "test2": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test3": our auth:null, their auth:null 000 "test3": policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test5": our auth:secret, their auth:rsasig 000 "test5": policy: ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test6": our auth:null, their auth:rsasig 000 "test6": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test7": our auth:secret, their auth:secret 000 "test7": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test8": our auth:null, their auth:null 000 "test8": policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "test9": our auth:rsasig, their auth:rsasig 000 "test9": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO; 000 "testmanual1": our auth:secret, their auth:rsasig 000 "testmanual1": policy: ENCRYPT+IKEV2_ALLOW; 000 "testmanual2": our auth:null, their auth:rsasig 000 "testmanual2": policy: RSASIG+ENCRYPT+IKEV2_ALLOW; 000 "testmanual3": our auth:secret, their auth:secret 000 "testmanual3": policy: PSK+ENCRYPT+IKEV2_ALLOW; west # echo done done west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi