/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec auto --add westnet-eastnet-ipv4-psk-ikev2-gcm-c
002 "westnet-eastnet-ipv4-psk-ikev2-gcm-c": added IKEv2 connection
west #
 echo "initdone"
initdone
west #
 ipsec auto --up westnet-eastnet-ipv4-psk-ikev2-gcm-c
1v2 "westnet-eastnet-ipv4-psk-ikev2-gcm-c" #1: initiating IKEv2 connection
1v2 "westnet-eastnet-ipv4-psk-ikev2-gcm-c" #1: sent IKE_SA_INIT request
1v2 "westnet-eastnet-ipv4-psk-ikev2-gcm-c" #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
003 "westnet-eastnet-ipv4-psk-ikev2-gcm-c" #1: established IKE SA; authenticated using authby=secret and peer ID_FQDN '@east'
004 "westnet-eastnet-ipv4-psk-ikev2-gcm-c" #2: established Child SA; IPsec tunnel [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] {ESP=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive}
west #
 MIN_IKEV2_NONCE_SHA2_512="32"
west #
 emit_nonce="$(grep 'IKEv2 nonce into IKEv2 Nonce Payload' /tmp/pluto.log | grep 'emitting' | sed 's/^.*emitting \([^ ]\+\) raw .*$/\1/' | head -n 1)"
west #
 recv_nonce="$(expr $(grep -A 3 '***parse IKEv2 Nonce Payload:' /tmp/pluto.log | grep 'length:' | sed 's/^.*length: \([^ ]\+\) .*$/\1/' | head -n 1) - 4)"
west #
 echo "emited nonce length (${emit_nonce}) should be >= minimum accepted nonce length for SHA2_512 (${MIN_IKEV2_NONCE_SHA2_512})"
emited nonce length (32) should be >= minimum accepted nonce length for SHA2_512 (32)
west #
 test ${emit_nonce} -ge ${MIN_IKEV2_NONCE_SHA2_512} || echo failed
west #
 echo "received nonce length (${recv_nonce}) should be >= minimum accepted nonce length for SHA2_512 (${MIN_IKEV2_NONCE_SHA2_512})"
received nonce length (32) should be >= minimum accepted nonce length for SHA2_512 (32)
west #
 test ${recv_nonce} -ge ${MIN_IKEV2_NONCE_SHA2_512} || echo failed
west #
 echo done
done
west #
 
