/testing/guestbin/swan-prep --fips
Password changed successfully.
FIPS mode enabled.
east #
 ipsec checknss
east #
 PATH/bin/modutil -dbdir sql:/etc/ipsec.d -fips true -force
FIPS mode already enabled.
east #
 PATH/bin/modutil -dbdir sql:/etc/ipsec.d -chkfips true
FIPS mode enabled.
east #
 fipscheck
usage: fipscheck [-s <hmac-suffix>] <paths-to-files>
fips mode is on
east #
 ipsec start
Redirecting to: systemctl start ipsec.service
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 grep FIPS /tmp/pluto.log
FIPS Product: YES
FIPS Kernel: YES
FIPS Mode: YES
NSS Password from file "/etc/ipsec.d/nsspassword" for token "NSS FIPS 140-2 Certificate DB" with length 6 passed to NSS
FIPS HMAC integrity support [enabled]
FIPS mode enabled for pluto daemon
NSS library is running in FIPS mode
FIPS HMAC integrity verification self-test passed
Starting Pluto (Libreswan Version )
ENCRYPT algorithm camellia_ctr: DISABLED; not FIPS compliant
ENCRYPT algorithm camellia: DISABLED; not FIPS compliant
ENCRYPT algorithm serpent: DISABLED; not FIPS compliant
ENCRYPT algorithm twofish: DISABLED; not FIPS compliant
ENCRYPT algorithm twofish_ssh: DISABLED; not FIPS compliant
ENCRYPT algorithm cast: DISABLED; not FIPS compliant
ENCRYPT algorithm null: DISABLED; not FIPS compliant
HASH algorithm md5: DISABLED; not FIPS compliant
PRF algorithm md5: DISABLED; not FIPS compliant
INTEG algorithm md5: DISABLED; not FIPS compliant
INTEG algorithm ripemd: DISABLED; not FIPS compliant
DH algorithm MODP1024: DISABLED; not FIPS compliant
DH algorithm MODP1536: DISABLED; not FIPS compliant
ENCRYPT aes_ccm_16:    IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm aes_ccm_c)
ENCRYPT aes_ccm_12:    IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_b)
ENCRYPT aes_ccm_8:     IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_a)
ENCRYPT 3des_cbc:      IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  (3des)
ENCRYPT aes_gcm_16:    IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm aes_gcm_c)
ENCRYPT aes_gcm_12:    IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_b)
ENCRYPT aes_gcm_8:     IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_a)
ENCRYPT aes_ctr:       IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aesctr)
ENCRYPT aes:           IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_cbc)
HASH sha:              IKEv1: IKE         IKEv2:             FIPS  (sha1)
HASH sha2_256:         IKEv1: IKE         IKEv2:             FIPS  (sha2 sha256)
HASH sha2_384:         IKEv1: IKE         IKEv2:             FIPS  (sha384)
HASH sha2_512:         IKEv1: IKE         IKEv2:             FIPS  (sha512)
PRF sha:               IKEv1: IKE         IKEv2: IKE         FIPS  (sha1 hmac_sha1)
PRF sha2_256:          IKEv1: IKE         IKEv2: IKE         FIPS  (sha2 sha256 hmac_sha2_256)
PRF sha2_384:          IKEv1: IKE         IKEv2: IKE         FIPS  (sha384 hmac_sha2_384)
PRF sha2_512:          IKEv1: IKE         IKEv2: IKE         FIPS  (sha512 hmac_sha2_512)
INTEG sha:             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha1 sha1_96 hmac_sha1 hmac_sha1_96)
INTEG sha2_512:        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha512 hmac_sha2_512 hmac_sha2_512_256)
INTEG sha2_384:        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha384 hmac_sha2_384 hmac_sha2_384_192)
INTEG sha2_256:        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha2 sha256 hmac_sha2_256 hmac_sha2_256_128)
INTEG aes_xcbc:        IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_xcbc_96)
INTEG aes_cmac:        IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_cmac_96)
DH MODP2048:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh14)
DH MODP3072:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh15)
DH MODP4096:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh16)
DH MODP6144:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh17)
DH MODP8192:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh18)
DH DH19:               IKEv1: IKE         IKEv2: IKE         FIPS  (ecp_256)
DH DH20:               IKEv1: IKE         IKEv2: IKE         FIPS  (ecp_384)
DH DH21:               IKEv1: IKE         IKEv2: IKE         FIPS  (ecp_521)
DH DH23:               IKEv1: IKE         IKEv2: IKE         FIPS
DH DH24:               IKEv1: IKE         IKEv2: IKE         FIPS
east #
 ipsec auto --add westnet-eastnet-md5
003 PRF algorithm MD5=1 is not supported
003 got 0 transforms for ike="aes-md5"
east #
 echo "initdone"
initdone
east #
 ipsec look
east NOW
XFRM state:
XFRM policy:
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 ptype main 
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1 
192.0.1.0/24 via 192.1.2.45 dev eth1 
192.0.2.0/24 dev eth0  proto kernel  scope link  src 192.0.2.254 
192.1.2.0/24 dev eth1  proto kernel  scope link  src 192.1.2.23 
192.9.2.0/24 dev eth2  proto kernel  scope link  src 192.9.2.23 
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east #
east #
 if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv /tmp/core* OUTPUT/; fi
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

