/testing/guestbin/swan-prep  --x509
Preparing X.509 files
east #
 certutil -D -n road -d sql:/etc/ipsec.d
east #
 cp east-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
east #
 cp policies/* /etc/ipsec.d/policies/
east #
 echo "192.1.3.0/24"  >> /etc/ipsec.d/policies/private-or-clear
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec whack --impair suppress-retransmits
east #
 # give OE policies time to load
east #
 ../../guestbin/wait-for.sh --match 'loaded 11,' -- ipsec auto --status
000 Total IPsec connections: loaded 11, active 0
east #
 ipsec status | grep "our auth" | grep private
000 "clear-or-private":   our auth:rsasig, their auth:rsasig, our autheap:none, their autheap:none;
000 "private":   our auth:rsasig, their auth:rsasig, our autheap:none, their autheap:none;
000 "private-or-clear":   our auth:rsasig, their auth:rsasig, our autheap:none, their autheap:none;
000 "private-or-clear#192.1.3.0/24":   our auth:rsasig, their auth:rsasig, our autheap:none, their autheap:none;
000 "private-or-clear-all":   our auth:rsasig, their auth:rsasig, our autheap:none, their autheap:none;
east #
 echo "initdone"
initdone
east #
 # Authentication should be RSA
east #
 hostname | grep nic > /dev/null || grep authenticated /tmp/pluto.log
"private-or-clear#192.1.3.0/24"[1] ...192.1.3.209 #1: established IKE SA; authenticated using RSA with SHA2_512 and peer certificate '192.1.3.209' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
east #
 
