/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 echo "initdone"
initdone
west #
 ipsec auto --add first
"first": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=4.5.6.7 match an interface)
west #
 ipsec auto --add second
"second": added unoriented IKEv2 connection (neither left=2.3.4.5 nor right=5.6.7.8 match an interface)
west #
 # conn second should inherit the conn %default values with 3des-sha1
west #
 ipsec status |grep "algorithms:"
"first":   IKE algorithms: AES_CBC-HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192
"first":   ESP algorithms: AES_CBC-HMAC_SHA2_256_128
"second":   IKE algorithms: 3DES_CBC-HMAC_SHA1-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192
"second":   ESP algorithms: 3DES_CBC-HMAC_SHA1_96
west #
 # connection should fail to load - don't accept %fromcert without cert
west #
 ipsec auto --add cert-complain
"cert-complain": failed to add connection: ID cannot be specified as %fromcert if PSK or AUTH-NULL is used
west #
 # this one should work as %fromcert means for the CERT received with IKE
west #
 ipsec auto --add cert-allow
"cert-allow": added IKEv2 connection
west #
 echo done
done
west #
