/testing/guestbin/swan-prep
east #
 cp east-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
east #
 cp policies/* /etc/ipsec.d/policies/
east #
 echo "192.1.3.0/24"  >> /etc/ipsec.d/policies/clear-or-private
east #
 ip addr add 192.1.2.67/24 dev eth1
east #
 ipsec start
Redirecting to: [initsystem]
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec whack --impair suppress-retransmits
east #
 ipsec whack --listpubkeys | sed "s/Key AQ[^ ]* /Key AQXXXX /"
000  
000 List of Public Keys:
000  
000 TIMESTAMP, 2192 RSA Key AQXXXX (has private key), until --- -- --:--:-- ---- ok (expires never)
000        ID_IPV4_ADDR '192.1.2.67'
east #
 # give OE policies time to load
east #
 sleep 5
east #
 echo "initdone"
initdone
east #
 # you should see one RSA and on NULL only
east #
 grep IKEv2_AUTH_ /tmp/pluto.log
| emitting 2 raw bytes of hash algorithm identifier IKEv2_AUTH_HASH_SHA2_256 into IKEv2 Notify Payload
| hash algorithm identifier IKEv2_AUTH_HASH_SHA2_256: 00 02
| emitting 2 raw bytes of hash algorithm identifier IKEv2_AUTH_HASH_SHA2_384 into IKEv2 Notify Payload
| hash algorithm identifier IKEv2_AUTH_HASH_SHA2_384: 00 03
| emitting 2 raw bytes of hash algorithm identifier IKEv2_AUTH_HASH_SHA2_512 into IKEv2 Notify Payload
| hash algorithm identifier IKEv2_AUTH_HASH_SHA2_512: 00 04
|    auth method: IKEv2_AUTH_NULL (0xd)
|    auth method: IKEv2_AUTH_DIGSIG (0xe)
east #
 # NO ipsec tunnel should be up
east #
 ipsec whack --trafficstatus

[ needs fixing ]

east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

