/testing/guestbin/swan-prep --x509 Preparing X.509 files east # ipsec start Redirecting to: [initsystem] east # /testing/pluto/bin/wait-until-pluto-started east # ipsec auto --add ikev2-westnet-eastnet-x509-cr 002 added connection description "ikev2-westnet-eastnet-x509-cr" east # echo "initdone" initdone east # ../../pluto/bin/ipsec-look.sh east NOW XFRM state: src 192.1.2.45 dst 192.1.2.23 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 src 192.1.2.23 dst 192.1.2.45 proto esp spi 0xSPISPI reqid REQID mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0xENCAUTHKEY 128 XFRM policy: src 192.0.1.0/24 dst 192.0.2.0/24 dir fwd priority 1042407 ptype main tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid REQID mode tunnel src 192.0.1.0/24 dst 192.0.2.0/24 dir in priority 1042407 ptype main tmpl src 192.1.2.45 dst 192.1.2.23 proto esp reqid REQID mode tunnel src 192.0.2.0/24 dst 192.0.1.0/24 dir out priority 1042407 ptype main tmpl src 192.1.2.23 dst 192.1.2.45 proto esp reqid REQID mode tunnel XFRM done IPSEC mangle TABLES NEW_IPSEC_CONN mangle TABLES ROUTING TABLES default via 192.1.2.254 dev eth1 192.0.1.0/24 dev eth1 scope link src 192.0.2.254 192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254 192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Libreswan test CA for mainca - Libreswan CT,, east u,u,u hashsha1 P,, nic P,, north P,, road P,, west P,, west-ec P,, east # # on east, it should show it failed the NSS IPsec profile and used the NSS TLS profile east # hostname | grep east > /dev/null && grep "verify_end_cert trying profile" /tmp/pluto.log | verify_end_cert trying profile IPsec east # east # ../bin/check-for-core.sh east # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi