/testing/guestbin/swan-prep --x509 Preparing X.509 files kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# certutil -D -n east -d sql:/etc/ipsec.d kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# for cert in /testing/x509/pkcs12/mainca/west-*.p12; do pk12util -i $cert -w /testing/x509/nss-pw -d sql:/etc/ipsec.d; done pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL pk12util: PKCS12 IMPORT SUCCESSFUL kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: namespaces direct start via ipsec pluto kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # down'ed conn must remain down kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec whack --impair revival kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # fail quick for -bad certs that are supposed to fail kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec whack --impair suppress-retransmits kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # stock certificate test kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west 002 "west" #1: initiating v2 parent SA 181 "west" #1: initiate 002 "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west 002 "west": terminating SAs using this connection 002 "west" #2: deleting state (STATE_PARENT_I2) aged 0.081s and NOT sending notification 002 "west" #1: deleting state (STATE_PARENT_I2) aged 0.089s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # following tests should work kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-bcCritical 002 "west-bcCritical" #3: initiating v2 parent SA 181 "west-bcCritical" #3: initiate 002 "west-bcCritical": constructed local IKE proposals for west-bcCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-bcCritical" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-bcCritical" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-bcCritical": constructed local ESP/AH proposals for west-bcCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-bcCritical" #4: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-bcCritical" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-bcCritical" #4: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-bcCritical" #4: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-bcCritical 002 "west-bcCritical": terminating SAs using this connection 002 "west-bcCritical" #4: deleting state (STATE_PARENT_I2) aged 0.074s and NOT sending notification 002 "west-bcCritical" #3: deleting state (STATE_PARENT_I2) aged 0.081s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ekuOmit 002 "west-ekuOmit" #5: initiating v2 parent SA 181 "west-ekuOmit" #5: initiate 002 "west-ekuOmit": constructed local IKE proposals for west-ekuOmit (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-ekuOmit" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-ekuOmit" #5: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuOmit": constructed local ESP/AH proposals for west-ekuOmit (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-ekuOmit" #6: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-ekuOmit" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuOmit" #6: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-ekuOmit" #6: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-ekuOmit 002 "west-ekuOmit": terminating SAs using this connection 002 "west-ekuOmit" #6: deleting state (STATE_PARENT_I2) aged 0.077s and NOT sending notification 002 "west-ekuOmit" #5: deleting state (STATE_PARENT_I2) aged 0.084s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-bcOmit 002 "west-bcOmit" #7: initiating v2 parent SA 181 "west-bcOmit" #7: initiate 002 "west-bcOmit": constructed local IKE proposals for west-bcOmit (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-bcOmit" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-bcOmit" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-bcOmit": constructed local ESP/AH proposals for west-bcOmit (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-bcOmit" #8: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-bcOmit" #8: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-bcOmit" #8: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-bcOmit" #8: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-bcOmit 002 "west-bcOmit": terminating SAs using this connection 002 "west-bcOmit" #8: deleting state (STATE_PARENT_I2) aged 0.070s and NOT sending notification 002 "west-bcOmit" #7: deleting state (STATE_PARENT_I2) aged 0.074s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ekuCritical-eku-ipsecIKE 002 "west-ekuCritical-eku-ipsecIKE" #9: initiating v2 parent SA 181 "west-ekuCritical-eku-ipsecIKE" #9: initiate 002 "west-ekuCritical-eku-ipsecIKE": constructed local IKE proposals for west-ekuCritical-eku-ipsecIKE (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-ekuCritical-eku-ipsecIKE" #9: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-ekuCritical-eku-ipsecIKE" #9: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuCritical-eku-ipsecIKE": constructed local ESP/AH proposals for west-ekuCritical-eku-ipsecIKE (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-ekuCritical-eku-ipsecIKE" #10: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-ekuCritical-eku-ipsecIKE" #10: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuCritical-eku-ipsecIKE" #10: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-ekuCritical-eku-ipsecIKE" #10: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-ekuCritical-eku-ipsecIKE 002 "west-ekuCritical-eku-ipsecIKE": terminating SAs using this connection 002 "west-ekuCritical-eku-ipsecIKE" #10: deleting state (STATE_PARENT_I2) aged 0.072s and NOT sending notification 002 "west-ekuCritical-eku-ipsecIKE" #9: deleting state (STATE_PARENT_I2) aged 0.079s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-eku-serverAuth 002 "west-eku-serverAuth" #11: initiating v2 parent SA 181 "west-eku-serverAuth" #11: initiate 002 "west-eku-serverAuth": constructed local IKE proposals for west-eku-serverAuth (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-eku-serverAuth" #11: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-eku-serverAuth" #11: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-eku-serverAuth": constructed local ESP/AH proposals for west-eku-serverAuth (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-eku-serverAuth" #12: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-eku-serverAuth" #12: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-eku-serverAuth" #12: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-eku-serverAuth" #12: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-eku-serverAuth 002 "west-eku-serverAuth": terminating SAs using this connection 002 "west-eku-serverAuth" #12: deleting state (STATE_PARENT_I2) aged 0.070s and NOT sending notification 002 "west-eku-serverAuth" #11: deleting state (STATE_PARENT_I2) aged 0.075s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ku-nonRepudiation 002 "west-ku-nonRepudiation" #13: initiating v2 parent SA 181 "west-ku-nonRepudiation" #13: initiate 002 "west-ku-nonRepudiation": constructed local IKE proposals for west-ku-nonRepudiation (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-ku-nonRepudiation" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-ku-nonRepudiation" #13: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ku-nonRepudiation": constructed local ESP/AH proposals for west-ku-nonRepudiation (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-ku-nonRepudiation" #14: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-ku-nonRepudiation" #14: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ku-nonRepudiation" #14: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-ku-nonRepudiation" #14: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-ku-nonRepudiation 002 "west-ku-nonRepudiation": terminating SAs using this connection 002 "west-ku-nonRepudiation" #14: deleting state (STATE_PARENT_I2) aged 0.071s and NOT sending notification 002 "west-ku-nonRepudiation" #13: deleting state (STATE_PARENT_I2) aged 0.076s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-sanCritical 002 "west-sanCritical" #15: initiating v2 parent SA 181 "west-sanCritical" #15: initiate 002 "west-sanCritical": constructed local IKE proposals for west-sanCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-sanCritical" #15: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-sanCritical" #15: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-sanCritical": constructed local ESP/AH proposals for west-sanCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-sanCritical" #16: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-sanCritical" #16: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-sanCritical" #16: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-sanCritical" #16: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-sanCritical 002 "west-sanCritical": terminating SAs using this connection 002 "west-sanCritical" #16: deleting state (STATE_PARENT_I2) aged 0.075s and NOT sending notification 002 "west-sanCritical" #15: deleting state (STATE_PARENT_I2) aged 0.080s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # This one works now - older NSS versions relied on NSS TLS fallback kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ekuCritical 002 "west-ekuCritical" #17: initiating v2 parent SA 181 "west-ekuCritical" #17: initiate 002 "west-ekuCritical": constructed local IKE proposals for west-ekuCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-ekuCritical" #17: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-ekuCritical" #17: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuCritical": constructed local ESP/AH proposals for west-ekuCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-ekuCritical" #18: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-ekuCritical" #18: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuCritical" #18: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-ekuCritical" #18: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-ekuCritical 002 "west-ekuCritical": terminating SAs using this connection 002 "west-ekuCritical" #18: deleting state (STATE_PARENT_I2) aged 0.103s and NOT sending notification 002 "west-ekuCritical" #17: deleting state (STATE_PARENT_I2) aged 0.110s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-kuCritical 002 "west-kuCritical" #19: initiating v2 parent SA 181 "west-kuCritical" #19: initiate 002 "west-kuCritical": constructed local IKE proposals for west-kuCritical (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-kuCritical" #19: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-kuCritical" #19: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-kuCritical": constructed local ESP/AH proposals for west-kuCritical (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-kuCritical" #20: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-kuCritical" #20: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-kuCritical" #20: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-kuCritical" #20: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-kuCritical 002 "west-kuCritical": terminating SAs using this connection 002 "west-kuCritical" #20: deleting state (STATE_PARENT_I2) aged 0.113s and NOT sending notification 002 "west-kuCritical" #19: deleting state (STATE_PARENT_I2) aged 0.121s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-kuOmit 002 "west-kuOmit" #21: initiating v2 parent SA 181 "west-kuOmit" #21: initiate 002 "west-kuOmit": constructed local IKE proposals for west-kuOmit (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-kuOmit" #21: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-kuOmit" #21: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-kuOmit": constructed local ESP/AH proposals for west-kuOmit (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-kuOmit" #22: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-kuOmit" #22: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-kuOmit" #22: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-kuOmit" #22: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-kuOmit 002 "west-kuOmit": terminating SAs using this connection 002 "west-kuOmit" #22: deleting state (STATE_PARENT_I2) aged 0.085s and NOT sending notification 002 "west-kuOmit" #21: deleting state (STATE_PARENT_I2) aged 0.095s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-eku-clientAuth 002 "west-eku-clientAuth" #23: initiating v2 parent SA 181 "west-eku-clientAuth" #23: initiate 002 "west-eku-clientAuth": constructed local IKE proposals for west-eku-clientAuth (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-eku-clientAuth" #23: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-eku-clientAuth" #23: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-eku-clientAuth": constructed local ESP/AH proposals for west-eku-clientAuth (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-eku-clientAuth" #24: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-eku-clientAuth" #24: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-eku-clientAuth" #24: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-eku-clientAuth" #24: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-eku-clientAuth 002 "west-eku-clientAuth": terminating SAs using this connection 002 "west-eku-clientAuth" #24: deleting state (STATE_PARENT_I2) aged 0.114s and NOT sending notification 002 "west-eku-clientAuth" #23: deleting state (STATE_PARENT_I2) aged 0.122s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-eku-ipsecIKE 002 "west-eku-ipsecIKE" #25: initiating v2 parent SA 181 "west-eku-ipsecIKE" #25: initiate 002 "west-eku-ipsecIKE": constructed local IKE proposals for west-eku-ipsecIKE (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-eku-ipsecIKE" #25: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-eku-ipsecIKE" #25: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-eku-ipsecIKE": constructed local ESP/AH proposals for west-eku-ipsecIKE (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-eku-ipsecIKE" #26: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-eku-ipsecIKE" #26: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-eku-ipsecIKE" #26: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-eku-ipsecIKE" #26: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-eku-ipsecIKE 002 "west-eku-ipsecIKE": terminating SAs using this connection 002 "west-eku-ipsecIKE" #26: deleting state (STATE_PARENT_I2) aged 0.145s and NOT sending notification 002 "west-eku-ipsecIKE" #25: deleting state (STATE_PARENT_I2) aged 0.152s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ku-keyAgreement-digitalSignature 002 "west-ku-keyAgreement-digitalSignature" #27: initiating v2 parent SA 181 "west-ku-keyAgreement-digitalSignature" #27: initiate 002 "west-ku-keyAgreement-digitalSignature": constructed local IKE proposals for west-ku-keyAgreement-digitalSignature (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-ku-keyAgreement-digitalSignature" #27: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-ku-keyAgreement-digitalSignature" #27: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ku-keyAgreement-digitalSignature": constructed local ESP/AH proposals for west-ku-keyAgreement-digitalSignature (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-ku-keyAgreement-digitalSignature" #28: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-ku-keyAgreement-digitalSignature" #28: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ku-keyAgreement-digitalSignature" #28: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-ku-keyAgreement-digitalSignature" #28: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-ku-keyAgreement-digitalSignature 002 "west-ku-keyAgreement-digitalSignature": terminating SAs using this connection 002 "west-ku-keyAgreement-digitalSignature" #28: deleting state (STATE_PARENT_I2) aged 0.080s and NOT sending notification 002 "west-ku-keyAgreement-digitalSignature" #27: deleting state (STATE_PARENT_I2) aged 0.085s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # fails on older versions of NSS only kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ekuCritical-eku-emailProtection 002 "west-ekuCritical-eku-emailProtection" #29: initiating v2 parent SA 181 "west-ekuCritical-eku-emailProtection" #29: initiate 002 "west-ekuCritical-eku-emailProtection": constructed local IKE proposals for west-ekuCritical-eku-emailProtection (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 181 "west-ekuCritical-eku-emailProtection" #29: STATE_PARENT_I1: sent v2I1, expected v2R1 002 "west-ekuCritical-eku-emailProtection" #29: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuCritical-eku-emailProtection": constructed local ESP/AH proposals for west-ekuCritical-eku-emailProtection (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 182 "west-ekuCritical-eku-emailProtection" #30: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} 002 "west-ekuCritical-eku-emailProtection" #30: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds 002 "west-ekuCritical-eku-emailProtection" #30: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED 000 "west-ekuCritical-eku-emailProtection" #30: scheduling retry attempt 1 of an unlimited number, but releasing whack kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --delete west-ekuCritical-eku-emailProtection 002 "west-ekuCritical-eku-emailProtection": terminating SAs using this connection 002 "west-ekuCritical-eku-emailProtection" #30: deleting state (STATE_PARENT_I2) aged 0.091s and NOT sending notification 002 "west-ekuCritical-eku-emailProtection" #29: deleting state (STATE_PARENT_I2) aged 0.098s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# sleep 2 kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# # following tests should fail (but it does not?) kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest]# ipsec auto --up west-ekuBOGUS-bad whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused) kroot@swantest:/home/build/libreswan/testing/pluto/ikev2-x509-02-smoketest\[root@west ikev2-x509-02-smoketest 33]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec auto --up west-ekuBOGUS-bad' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec auto --delete west-ekuBOGUS-bad' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec auto --up west-ku-keyAgreement-bad' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 westrun.sh 'ipsec auto --delete west-ku-keyAgreement-bad' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'grep profile /tmp/pluto.log | grep -v Starting' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 33 final.sh 'ipsec auto --status' <<<<<<<<<>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<