/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 certutil -d sql:/etc/ipsec.d -D -n east
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec auto --add nss-cert
002 added connection description "nss-cert"
west #
 ipsec auto --status |grep nss-cert
000 "nss-cert": 192.0.1.254/32===192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert]===192.0.2.254/32; unrouted; eroute owner: #0
000 "nss-cert":     oriented; my_ip=192.0.1.254; their_ip=192.0.2.254; mycert=west; my_updown=ipsec _updown;
000 "nss-cert":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "nss-cert":   our auth:rsasig, their auth:rsasig
000 "nss-cert":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
000 "nss-cert":   labeled_ipsec:no;
000 "nss-cert":   policy_label:unset;
000 "nss-cert":   CAs: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'...'%any'
000 "nss-cert":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "nss-cert":   retransmit-interval: 9999ms; retransmit-timeout: 99s;
000 "nss-cert":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "nss-cert":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "nss-cert":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "nss-cert":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "nss-cert":   our idtype: ID_DER_ASN1_DN; our id=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org; their idtype: %fromcert; their id=%fromcert
000 "nss-cert":   dpd: action:hold; delay:0; timeout:0; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "nss-cert":   newest ISAKMP SA: #0; newest IPsec SA: #0;
west #
 ipsec whack --impair suppress-retransmits
west #
 echo "initdone"
initdone
west #
 ipsec auto --up nss-cert
002 "nss-cert" #1: initiating v2 parent SA
1v2 "nss-cert" #1: initiate
1v2 "nss-cert" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
1v2 "nss-cert" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "nss-cert" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED
000 "nss-cert" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack
west #
 echo done
done
west #
 certutil -L -d sql:/etc/ipsec.d
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
west                                                         u,u,u
Libreswan test CA for mainca - Libreswan                     CT,, 
road                                                         P,,  
north                                                        P,,  
hashsha1                                                     P,,  
east-ec                                                      P,,  
nic                                                          P,,  
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi