/testing/guestbin/swan-prep
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# ipsec start
Redirecting to: namespaces direct start via ipsec pluto
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# /testing/pluto/bin/wait-until-pluto-started
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# echo "initdone"
initdone
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# ipsec auto --add first
002 added IKEv2 connection "first"
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# ipsec auto --add second
002 added IKEv2 connection "second"
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# # conn second should inherit the conn %default values with 3des-md5
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# ipsec status |grep "algorithms:"
000 "first":   IKE algorithms: AES_CBC-HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
000 "first":   ESP algorithms: AES_CBC-HMAC_SHA2_256_128
000 "second":   IKE algorithms: 3DES_CBC-HMAC_SHA1-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
000 "second":   ESP algorithms: 3DES_CBC-HMAC_SHA1_96
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# # connection should fail to load - don't accept %fromcert without cert
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# ipsec auto --add cert-complain
036 ID cannot be specified as %fromcert if PSK or AUTH-NULL is used
036 connection "cert-complain": failed to add connection: attempt to load incomplete connection
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04 36]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 36 westrun.sh 'ipsec auto --add cert-complain' <<<<<<<<<<tuc<<<<<<<<<<# this one should work as %fromcert means for the CERT received with IKE
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04 36]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 36 westrun.sh '# this one should work as %fromcert means for the CERT received with IKE' <<<<<<<<<<tuc<<<<<<<<<<ipsec auto --add cert-allow
002 added IKEv2 connection "cert-allow"
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# echo done
done
]0;root@swantest:/home/build/libreswan/testing/pluto/libipsecconf-04[root@west libipsecconf-04]# >>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<<tuc<<<<<<<<<<