/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 echo "initdone"
initdone
west #
 # first conn is already loaded, do the second one now
west #
 ipsec whack --name whack----rsasig --host 1.2.3.4 --ikefrag-allow --no-esn --pfs --tunnel --rsasig --encrypt --ikev2-allow --ipv4 --to --host 5.6.7.8
002 added IKEv2 connection "whack----rsasig"
west #
 ipsec whack --name whack-----ecdsa --host 1.2.3.4 --ikefrag-allow --no-esn --pfs --tunnel --ecdsa --encrypt --ikev2-allow --ipv4 --to --host 5.6.7.8
002 added IKEv2 connection "whack-----ecdsa"
west #
 ipsec whack --name whack--defaults --host 1.2.3.4 --ikefrag-allow --no-esn --pfs --tunnel --encrypt --ikev2-allow --ipv4 --to --host 5.6.7.8
002 added IKEv2 connection "whack--defaults"
west #
 ipsec whack --name whack--ikev2-default --host 1.2.3.4 --ikefrag-allow --no-esn --pfs --tunnel --encrypt --ipv4 --to --host 5.6.7.8
002 added IKEv2 connection "whack--ikev2-default"
west #
 ipsec status | grep "policy:" | grep rsasig | grep TUNNEL
000 "parser---rsasig":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "whack----rsasig":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
west #
 echo ""
west #
 ipsec status | grep "policy:" | grep defaults | grep TUNNEL
000 "parser-defaults":   policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "whack--defaults":   policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
west #
 echo ""
west #
 ipsec status | grep "hash-policy:" | grep rsasig
000 "parser---rsasig":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "whack----rsasig":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
west #
 echo ""
west #
 ipsec status | grep "hash-policy:" | grep defaults
000 "parser-defaults":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "whack--defaults":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
west #
 echo ""
west #
 ipsec status | grep "TUNNEL" | grep ikev2-default | sed "s/^.*\(IKEV._ALLOW\).*$/\1/"
IKEV2_ALLOW
IKEV2_ALLOW
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi