/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 echo "initdone"
initdone
west #
 # these conns should load
west #
 # whack testing
west #
 ipsec whack --name testmanual1 --encrypt --ikev2-allow --ipv4 --host 1.2.3.4 --authby=psk --to --host 2.3.4.5 --authby=rsasig
002 added connection description "testmanual1"
west #
 ipsec whack --name testmanual2 --encrypt --ikev2-allow --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
002 added connection description "testmanual2"
west #
 ipsec whack --name testmanual3 --psk --encrypt --ikev2-allow --ipv4 --host 1.2.3.6 --authby=psk --to --host 2.3.4.7 --authby=psk
002 added connection description "testmanual3"
west #
 # parser testing
west #
 ipsec auto --add test-default
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test-default"
west #
 ipsec auto --add test-v1-secret
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test-v1-secret"
west #
 ipsec auto --add test-v1-rsasig
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test-v1-rsasig"
west #
 ipsec auto --add test-passthrough
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "test-passthrough": shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add test1
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test1"
west #
 ipsec auto --add test2
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test2"
west #
 ipsec auto --add test3
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test3"
west #
 ipsec auto --add test5
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test5"
west #
 ipsec auto --add test6
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test6"
west #
 ipsec auto --add test7
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test7"
west #
 ipsec auto --add test8
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test8"
west #
 ipsec auto --add test9
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
002 added connection description "test9"
west #
 echo "all remaining tests should fail"
all remaining tests should fail
west #
 # whack testing
west #
 ipsec whack --name failtestmanual1 --ikev2-allow --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
036 Failed to add connection "failtestmanual1": non-shunt connection must have AH or ESP
west #
 ipsec whack --name failtestmanual2 --ikev1-allow --encrypt --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
036 Failed to add connection "failtestmanual2": leftauth= and rightauth= require ikev2
west #
 # parser testing
west #
 ipsec auto --add failtest0
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest0": cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null)
west #
 ipsec auto --add failtest1
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest1": leftauth= and rightauth= require ikev2
west #
 ipsec auto --add failtest3
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest3": leftauth= and rightauth= require ikev2
west #
 ipsec auto --add failtest4
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn failtest4 did not load properly
west #
 ipsec auto --add failtest5
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest5": leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest6
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest6": leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest7
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest7": leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest8
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest8": shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add failtest9
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
036 Failed to add connection "failtest9": shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add failtest10
while loading 'failtest4': ikev1 connection must use authby= of rsasig, secret or never
while loading 'failtest10': ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
addconn, in config '/etc/ipsec.conf', ignoring: ikev1 connection must use authby= of rsasig, secret or never
ikev1 connection must use authby= of rsasig, secret or never
conn failtest10 did not load properly
west #
 echo "Showing policies of all loaded connections"
Showing policies of all loaded connections
west #
 ipsec status | grep -E 'policy: |our auth:'
000 "test-default":   our auth:rsasig, their auth:rsasig
000 "test-default":   policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test-default":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test-v1-rsasig":   our auth:rsasig, their auth:rsasig
000 "test-v1-rsasig":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test-v1-secret":   our auth:secret, their auth:secret
000 "test-v1-secret":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test1":   our auth:secret, their auth:secret
000 "test1":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test1":   v2-auth-hash-policy: none;
000 "test2":   our auth:rsasig, their auth:rsasig
000 "test2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test2":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test3":   our auth:null, their auth:null
000 "test3":   policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test3":   v2-auth-hash-policy: none;
000 "test5":   our auth:secret, their auth:rsasig
000 "test5":   policy: ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test5":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test6":   our auth:null, their auth:rsasig
000 "test6":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test6":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "test7":   our auth:secret, their auth:secret
000 "test7":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test7":   v2-auth-hash-policy: none;
000 "test8":   our auth:null, their auth:null
000 "test8":   policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test8":   v2-auth-hash-policy: none;
000 "test9":   our auth:rsasig, their auth:rsasig
000 "test9":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5;
000 "test9":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "testmanual1":   our auth:secret, their auth:rsasig
000 "testmanual1":   policy: ENCRYPT+IKEV2_ALLOW;
000 "testmanual1":   v2-auth-hash-policy: none;
000 "testmanual2":   our auth:null, their auth:rsasig
000 "testmanual2":   policy: RSASIG+ENCRYPT+IKEV2_ALLOW;
000 "testmanual2":   v2-auth-hash-policy: none;
000 "testmanual3":   our auth:secret, their auth:secret
000 "testmanual3":   policy: PSK+ENCRYPT+IKEV2_ALLOW;
000 "testmanual3":   v2-auth-hash-policy: none;
west #
 echo done
done
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

