/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 certutil -D -n east -d sql:/etc/ipsec.d
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec auto --add ikev2-westnet-eastnet-x509-cr
002 added connection description "ikev2-westnet-eastnet-x509-cr"
west #
 ipsec status | grep idtype
000 "ikev2-westnet-eastnet-x509-cr":   our idtype: ID_IPV4_ADDR; our id=192.1.2.45; their idtype: ID_FQDN; their id=@right
west #
 ipsec whack --impair suppress-retransmits
west #
 echo "initdone"
initdone
west #
 # expected to fail
west #
 ipsec auto --up ikev2-westnet-eastnet-x509-cr
002 "ikev2-westnet-eastnet-x509-cr" #1: initiating Main Mode
1v1 "ikev2-westnet-eastnet-x509-cr" #1: STATE_MAIN_I1: initiate
1v1 "ikev2-westnet-eastnet-x509-cr" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "ikev2-westnet-eastnet-x509-cr" #1: I am sending my cert
002 "ikev2-westnet-eastnet-x509-cr" #1: I am sending a certificate request
1v1 "ikev2-westnet-eastnet-x509-cr" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "ikev2-westnet-eastnet-x509-cr" #1: Peer ID is ID_FQDN: '@right'
002 "ikev2-westnet-eastnet-x509-cr" #1: certificate verified OK: E=user-east-nosan@testing.libreswan.org,CN=east-nosan.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
003 "ikev2-westnet-eastnet-x509-cr" #1: certificate contains no subjectAltName extension matching 'right'
003 "ikev2-westnet-eastnet-x509-cr" #1: certificate does not contain subjectAltName=right
002 "ikev2-westnet-eastnet-x509-cr" #1: Peer public key SubjectAltName does not match peer ID for this connection
002 "ikev2-westnet-eastnet-x509-cr" #1: X509: CERT payload does not match connection ID
218 "ikev2-westnet-eastnet-x509-cr" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
002 "ikev2-westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.23:500
031 "ikev2-westnet-eastnet-x509-cr" #1: STATE_MAIN_I3: 60 second timeout exceeded after 0 retransmits.  Possible authentication failure: no acceptable response to our first encrypted message
000 "ikev2-westnet-eastnet-x509-cr" #1: starting keying attempt 2 of an unlimited number, but releasing whack
west #
 echo "done"
done
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi