/testing/guestbin/swan-prep
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec start
Redirecting to: namespaces direct start via ipsec pluto
[root@west libipsecconf-06-ikev2-hash-algo]# /testing/pluto/bin/wait-until-pluto-started
[root@west libipsecconf-06-ikev2-hash-algo]# echo "initdone"
initdone
[root@west libipsecconf-06-ikev2-hash-algo]# # these should load properly
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add default-implicit-authby
002 added IKEv2 connection "default-implicit-authby"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add default-specified-authby
002 added IKEv2 connection "default-specified-authby"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa-rsa
002 added IKEv2 connection "ecdsa-rsa"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa
002 added IKEv2 connection "ecdsa"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa-sha2
002 added IKEv2 connection "ecdsa-sha2"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa-sha2_256
002 added IKEv2 connection "ecdsa-sha2_256"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa-sha2_384
002 added IKEv2 connection "ecdsa-sha2_384"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa-sha2_512
002 added IKEv2 connection "ecdsa-sha2_512"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add rsa-sha1
002 added IKEv2 connection "rsa-sha1"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add rsa-sha2
002 added IKEv2 connection "rsa-sha2"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add rsa-sha2_256
002 added IKEv2 connection "rsa-sha2_256"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add rsa-sha2_384
002 added IKEv2 connection "rsa-sha2_384"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add rsa-sha2_512
002 added IKEv2 connection "rsa-sha2_512"
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec status |grep policy: | grep -v modecfg
000 "default-implicit-authby": policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "default-implicit-authby": v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "default-specified-authby": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "default-specified-authby": v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "ecdsa": policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "ecdsa": v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "ecdsa-rsa": policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "ecdsa-rsa": v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "ecdsa-sha2": policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "ecdsa-sha2": v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "ecdsa-sha2_256": policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "ecdsa-sha2_256": v2-auth-hash-policy: SHA2_256;
000 "ecdsa-sha2_384": policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "ecdsa-sha2_384": v2-auth-hash-policy: SHA2_384;
000 "ecdsa-sha2_512": policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "ecdsa-sha2_512": v2-auth-hash-policy: SHA2_512;
000 "rsa-sha1": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "rsa-sha1": v2-auth-hash-policy: none;
000 "rsa-sha2": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "rsa-sha2": v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "rsa-sha2_256": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "rsa-sha2_256": v2-auth-hash-policy: SHA2_256;
000 "rsa-sha2_384": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "rsa-sha2_384": v2-auth-hash-policy: SHA2_384;
000 "rsa-sha2_512": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO;
000 "rsa-sha2_512": v2-auth-hash-policy: SHA2_512;
[root@west libipsecconf-06-ikev2-hash-algo]# # these should fail to load
[root@west libipsecconf-06-ikev2-hash-algo]# cp west-errors.conf /etc/ipsec.d/
[root@west libipsecconf-06-ikev2-hash-algo]# echo "include /etc/ipsec.d/west-errors.conf" >> /etc/ipsec.conf
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ecdsa-sha1-should-fail
while loading 'ecdsa-sha1-should-fail': authby=ecdsa cannot use sha1, only sha2
while loading 'ikev1-rsa2-should-fail': authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
while loading 'ikev1-ecdsa-should-fail': authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn ecdsa-sha1-should-fail did not load properly
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ikev1-rsa2-should-fail
while loading 'ecdsa-sha1-should-fail': authby=ecdsa cannot use sha1, only sha2
while loading 'ikev1-rsa2-should-fail': authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
while loading 'ikev1-ecdsa-should-fail': authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn ikev1-rsa2-should-fail did not load properly
[root@west libipsecconf-06-ikev2-hash-algo]# ipsec auto --add ikev1-ecdsa-should-fail
while loading 'ecdsa-sha1-should-fail': authby=ecdsa cannot use sha1, only sha2
while loading 'ikev1-rsa2-should-fail': authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
while loading 'ikev1-ecdsa-should-fail': authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: authby=ecdsa cannot use sha1, only sha2
ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn ikev1-ecdsa-should-fail did not load properly
[root@west libipsecconf-06-ikev2-hash-algo]# rm /etc/ipsec.d/west-errors.conf
[root@west libipsecconf-06-ikev2-hash-algo]# echo done
done
[root@west libipsecconf-06-ikev2-hash-algo]# >>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<