/testing/guestbin/swan-prep --x509 Preparing X.509 files west # certutil -D -n east -d sql:/etc/ipsec.d west # ipsec start Redirecting to: [initsystem] west # /testing/pluto/bin/wait-until-pluto-started west # ipsec auto --add san 002 added connection description "san" west # echo "initdone" initdone west # ipsec whack --impair suppress-retransmits west # # this should succeed west # ipsec auto --up san 002 "san" #1: initiating v2 parent SA 1v2 "san" #1: initiate 1v2 "san" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 1v2 "san" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "san" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "san" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack west # echo "done" done west # # confirm the right ID types were sent/received west # grep "ID type" /tmp/pluto.log | ID type: ID_DER_ASN1_DN (0x9) | ID type: ID_DER_ASN1_DN (0x9) west # grep "RSA authentication failed" /tmp/pluto.log west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi