/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 echo "initdone"
initdone
west #
 # these conns should load
west #
 # whack testing
west #
 ipsec whack --name testmanual1 --encrypt --ikev2 --ipv4 --host 1.2.3.4 --authby=psk --to --host 2.3.4.5 --authby=rsasig
002 "testmanual1": added IKEv2 connection
west #
 ipsec whack --name testmanual2 --encrypt --ikev2 --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
002 "testmanual2": added IKEv2 connection
west #
 ipsec whack --name testmanual3 --psk --encrypt --ikev2 --ipv4 --host 1.2.3.6 --authby=psk --to --host 2.3.4.7 --authby=psk
002 "testmanual3": added IKEv2 connection
west #
 # parser testing
west #
 ipsec auto --add test-default
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test-default": added IKEv2 connection
west #
 ipsec auto --add test-v1-secret
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test-v1-secret": added IKEv1 connection
west #
 ipsec auto --add test-v1-rsasig
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test-v1-rsasig": added IKEv1 connection
west #
 ipsec auto --add test-passthrough
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "test-passthrough": failed to add connection: shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add test1
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test1": added IKEv2 connection
west #
 ipsec auto --add test2
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test2": added IKEv2 connection
west #
 ipsec auto --add test3
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test3": added IKEv2 connection
west #
 ipsec auto --add test5
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test5": added IKEv2 connection
west #
 ipsec auto --add test6
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test6": added IKEv2 connection
west #
 ipsec auto --add test7
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test7": added IKEv2 connection
west #
 ipsec auto --add test8
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test8": added IKEv2 connection
west #
 ipsec auto --add test9
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 "test9": added IKEv2 connection
west #
 echo "all remaining tests should fail"
all remaining tests should fail
west #
 # whack testing
west #
 ipsec whack --name failtestmanual1 --ikev2 --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
036 "failtestmanual1": failed to add connection: non-shunt connection must have AH or ESP
west #
 ipsec whack --name failtestmanual2 --ikev1 --encrypt --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
036 "failtestmanual2": failed to add connection: leftauth= and rightauth= require ikev2
west #
 # parser testing
west #
 ipsec auto --add failtest0
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest0": failed to add connection: cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null)
west #
 ipsec auto --add failtest1
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest1": failed to add connection: leftauth= and rightauth= require ikev2
west #
 ipsec auto --add failtest3
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest3": failed to add connection: leftauth= and rightauth= require ikev2
west #
 ipsec auto --add failtest4
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn failtest4 did not load properly
west #
 ipsec auto --add failtest5
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest5": failed to add connection: leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest6
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest6": failed to add connection: leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest7
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest7": failed to add connection: leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest8
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest8": failed to add connection: shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add failtest9
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 "failtest9": failed to add connection: shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add failtest10
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn failtest10 did not load properly
west #
 echo "Showing policies of all loaded connections"
Showing policies of all loaded connections
west #
 ipsec status | grep -E 'policy: |our auth:'
000 "test-default":   our auth:rsasig, their auth:rsasig
000 "test-default":   policy: IKEv2+RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test-default":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test-v1-rsasig":   our auth:rsasig, their auth:rsasig
000 "test-v1-rsasig":   policy: IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO;
000 "test-v1-secret":   our auth:secret, their auth:secret
000 "test-v1-secret":   policy: IKEv1+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO;
000 "test1":   our auth:secret, their auth:secret
000 "test1":   policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO;
000 "test1":   v2-auth-hash-policy: none;
000 "test2":   our auth:rsasig, their auth:rsasig
000 "test2":   policy: IKEv2+RSASIG+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test2":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test3":   our auth:null, their auth:null
000 "test3":   policy: IKEv2+AUTH_NULL+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO;
000 "test3":   v2-auth-hash-policy: none;
000 "test5":   our auth:secret, their auth:rsasig
000 "test5":   policy: IKEv2+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test5":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test6":   our auth:null, their auth:rsasig
000 "test6":   policy: IKEv2+RSASIG+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test6":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test7":   our auth:secret, their auth:secret
000 "test7":   policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO;
000 "test7":   v2-auth-hash-policy: none;
000 "test8":   our auth:null, their auth:null
000 "test8":   policy: IKEv2+AUTH_NULL+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO;
000 "test8":   v2-auth-hash-policy: none;
000 "test9":   our auth:rsasig, their auth:rsasig
000 "test9":   policy: IKEv2+RSASIG+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test9":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "testmanual1":   our auth:secret, their auth:rsasig
000 "testmanual1":   policy: IKEv2+ENCRYPT;
000 "testmanual1":   v2-auth-hash-policy: none;
000 "testmanual2":   our auth:null, their auth:rsasig
000 "testmanual2":   policy: IKEv2+RSASIG+ENCRYPT;
000 "testmanual2":   v2-auth-hash-policy: none;
000 "testmanual3":   our auth:secret, their auth:secret
000 "testmanual3":   policy: IKEv2+PSK+ENCRYPT;
000 "testmanual3":   v2-auth-hash-policy: none;
west #
 echo done
done
west #
 
