/testing/guestbin/swan-prep --x509 --x509name notyetvalid Preparing X.509 files west # certutil -d sql:/etc/ipsec.d -D -n east west # ipsec _stackmanager start west # mkdir -p /var/run/pluto west # # set a time in the future so notyetvalid and east certs are valid here west # faketime -f +370d ipsec pluto --config /etc/ipsec.conf west # /testing/pluto/bin/wait-until-pluto-started west # # if faketime works, adding conn should not give a warning about cert west # ipsec auto --add nss-cert 002 added connection description "nss-cert" west # echo "initdone" initdone west # ipsec whack --impair suppress-retransmits west # ipsec auto --up nss-cert 002 "nss-cert" #1: initiating Main Mode 1v1 "nss-cert" #1: STATE_MAIN_I1: initiate 1v1 "nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2 002 "nss-cert" #1: I am sending my cert 002 "nss-cert" #1: I am sending a certificate request 1v1 "nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3 003 "nss-cert" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12 003 "nss-cert" #1: received and ignored informational message 002 "nss-cert" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set 031 "nss-cert" #1: max number of retransmissions (0) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message 002 "nss-cert" #1: deleting state (STATE_MAIN_I3) west # echo done done west # # will only show up on east - note "expired" is wrong and should be "not yet valid" west # grep "ERROR" /tmp/pluto.log west # west # ../bin/check-for-core.sh west # if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi