/testing/guestbin/swan-prep
east #
 cp east-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
east #
 cp policies/* /etc/ipsec.d/policies/
east #
 echo "192.1.3.0/24"  >> /etc/ipsec.d/policies/clear-or-private
east #
 ipsec start
Redirecting to: [initsystem]
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec whack --impair suppress-retransmits
east #
 ipsec whack --listpubkeys
000  
000 List of Public Keys:
000  
east #
 # give OE policies time to load
east #
 sleep 5
east #
 echo "initdone"
initdone
east #
 # A tunnel should have established with non-zero byte counters
east #
 ipsec whack --trafficstatus
006 #2: "clear-or-private#192.1.3.0/24"[1] ...192.1.3.209, type=ESP, add_time=1234567890, inBytes=168, outBytes=168, id='ID_NULL'
east #
 grep "negotiated connection" /tmp/pluto.log
"clear-or-private#192.1.3.0/24"[1] ...192.1.3.209 #2: negotiated connection [192.1.2.23-192.1.2.23:0-65535 0] -> [192.1.3.209-192.1.3.209:0-65535 0]
east #
 # you should see one RSA and on NULL only
east #
 grep -e 'auth method: ' -e 'hash algorithm identifier' -e ': authenticated using ' /tmp/pluto.log
| parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
| hash algorithm identifier (network ordered)
| parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
| hash algorithm identifier (network ordered)
| parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
| hash algorithm identifier (network ordered)
| emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload
| hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02
| emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload
| hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03
| emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload
| hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04
|    auth method: IKEv2_AUTH_NULL (0xd)
"clear-or-private#192.1.3.0/24"[1] ...192.1.3.209 #1: authenticated using authby=null
|    auth method: IKEv2_AUTH_DIGSIG (0xe)
east #
 ../bin/check-for-core.sh
east #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi