/testing/guestbin/swan-prep
west #
 ipsec start
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
Redirecting to: systemctl start ipsec.service
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 echo "initdone"
initdone
west #
 # these conns should load
west #
 # whack testing
west #
 ipsec whack --name testmanual1 --encrypt --ikev2-propose --ikev2-allow --ipv4 --host 1.2.3.4 --authby=psk --to --host 2.3.4.5 --authby=rsasig
002 added connection description "testmanual1"
west #
 ipsec whack --name testmanual2 --encrypt --ikev2-propose --ikev2-allow --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
002 added connection description "testmanual2"
west #
 ipsec whack --name testmanual3 --psk --encrypt --ikev2-propose --ikev2-allow --ipv4 --host 1.2.3.6 --authby=psk --to --host 2.3.4.7 --authby=psk
002 added connection description "testmanual3"
west #
 # parser testing
west #
 ipsec auto --add test-default
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test-default"
west #
 ipsec auto --add test-v1-secret
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test-v1-secret"
west #
 ipsec auto --add test-v1-rsasig
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test-v1-rsasig"
west #
 ipsec auto --add test-passthrough
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test-passthrough"
west #
 ipsec auto --add test1
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test1"
west #
 ipsec auto --add test2
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test2"
west #
 ipsec auto --add test3
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test3"
west #
 ipsec auto --add test5
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test5"
west #
 ipsec auto --add test6
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test6"
west #
 ipsec auto --add test7
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test7"
west #
 ipsec auto --add test8
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test8"
west #
 ipsec auto --add test9
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
002 added connection description "test9"
west #
 echo "all remaining tests should fail"
all remaining tests should fail
west #
 # whack testing
west #
 ipsec whack --name failtestmanual1 --ikev2-propose --ikev2-allow --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
036 Failed to add connection "failtestmanual1": non-shunt connection must have AH or ESP
west #
 ipsec whack --name failtestmanual2 --encrypt --ipv4 --host 1.2.3.5 --authby=null --to --host 2.3.4.6 --authby=rsasig
036 Failed to add connection "failtestmanual2": leftauth= and rightauth= require ikev2=insist
west #
 ipsec whack --name failtestmanual3 --psk --encrypt --ikev2-propose --ikev2-allow --ipv4 --host 1.2.3.4 --authby=null --to --host 2.3.4.5 --authby=rsasig
036 Failed to add connection "failtestmanual3": leftauth=null is unequal to rightauth=rsasig so authby=PSK must not be set
west #
 ipsec whack --name failtestmanual4 --rsasig --encrypt --ikev2-propose --ikev2-allow --ipv4 --host 1.2.3.4 --authby=null --to --host 2.3.4.5 --authby=rsasig
036 Failed to add connection "failtestmanual4": leftauth=null is unequal to rightauth=rsasig so authby=RSASIG must not be set
west #
 # parser testing
west #
 ipsec auto --add failtest0
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest0": cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null)
west #
 ipsec auto --add failtest1
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest1": leftauth= and rightauth= require ikev2=insist
west #
 ipsec auto --add failtest2
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest2": leftauth=rsasig is unequal to rightauth=secret so authby=PSK must not be set
west #
 ipsec auto --add failtest3
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest3": leftauth=rsasig is unequal to rightauth=secret so authby=RSASIG must not be set
west #
 ipsec auto --add failtest4
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest4": leftauth=rsasig is unequal to rightauth=secret so authby=AUTHNULL must not be set
west #
 ipsec auto --add failtest5
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest5": leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest6
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest6": leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest7
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest7": leftauth= and rightauth= must both be set or both be unset
west #
 ipsec auto --add failtest8
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest8": shunt connection cannot have authentication method other then authby=never
west #
 ipsec auto --add failtest9
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
036 Failed to add connection "failtest9": leftauth= / rightauth= options are invalid for type=passthrough connection
west #
 ipsec auto --add failtest10
while loading 'failtest10': connection allowing ikev1 must use authby= of rsasig, secret or never
conn failtest10 did not load properly
west #
 echo "Showing policies of all loaded connections"
Showing policies of all loaded connections
west #
 ipsec status | egrep 'policy: |our auth:'
000 "test-default":   our auth:rsasig, their auth:rsasig
000 "test-default":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test-passthrough":   our auth:unset, their auth:unset
000 "test-passthrough":   policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE;
000 "test-v1-rsasig":   our auth:rsasig, their auth:rsasig
000 "test-v1-rsasig":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test-v1-secret":   our auth:secret, their auth:secret
000 "test-v1-secret":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test1":   our auth:secret, their auth:secret
000 "test1":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test2":   our auth:rsasig, their auth:rsasig
000 "test2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test3":   our auth:null, their auth:null
000 "test3":   policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test5":   our auth:secret, their auth:rsasig
000 "test5":   policy: ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test6":   our auth:null, their auth:rsasig
000 "test6":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test7":   our auth:secret, their auth:secret
000 "test7":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test8":   our auth:null, their auth:null
000 "test8":   policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "test9":   our auth:rsasig, their auth:rsasig
000 "test9":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "testmanual1":   our auth:secret, their auth:rsasig
000 "testmanual1":   policy: ENCRYPT+IKEV2_ALLOW+IKEV2_PROPOSE;
000 "testmanual2":   our auth:null, their auth:rsasig
000 "testmanual2":   policy: RSASIG+ENCRYPT+IKEV2_ALLOW+IKEV2_PROPOSE;
000 "testmanual3":   our auth:secret, their auth:secret
000 "testmanual3":   policy: PSK+ENCRYPT+IKEV2_ALLOW+IKEV2_PROPOSE;
west #
 echo done
done
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

