/testing/guestbin/swan-prep
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec add addconn
"addconn": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--phase2=esp
"addconn--phase2=esp": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--phase2=ah
"addconn--phase2=ah": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--phase2=esp--ah=sha1--esp=aes
"addconn--phase2=esp--ah=sha1--esp=aes": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--phase2=ah--ah=sha1--esp=aes
"addconn--phase2=ah--ah=sha1--esp=aes": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--esp=aes
"addconn--esp=aes": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--ah=sha1
"addconn--ah=sha1": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--type=passthrough
"addconn--type=passthrough": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--type=passthrough--phase2=esp
"addconn--type=passthrough--phase2=esp": warning: phase2=esp ignored for never-negotiate (type=passthrough) connection
"addconn--type=passthrough--phase2=esp": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--type=passthrough--phase2=ah
"addconn--type=passthrough--phase2=ah": warning: phase2=ah ignored for never-negotiate (type=passthrough) connection
"addconn--type=passthrough--phase2=ah": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack                              --host 1.2.3.4 --to --host 5.6.7.8
"whack": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--encrypt      --encrypt      --host 1.2.3.4 --to --host 5.6.7.8
"whack--encrypt": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--authenticate --authenticate --host 1.2.3.4 --to --host 5.6.7.8
"whack--authenticate": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--pass                              --pass --host 1.2.3.4 --to --host 5.6.7.8
"whack--pass": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--pass--encrypt      --encrypt      --pass --host 1.2.3.4 --to --host 5.6.7.8
"whack--pass--encrypt": warning: phase2=esp ignored for never-negotiate (type=passthrough) connection
"whack--pass--encrypt": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--pass--authenticate --authenticate --pass --host 1.2.3.4 --to --host 5.6.7.8
"whack--pass--authenticate": warning: phase2=ah ignored for never-negotiate (type=passthrough) connection
"whack--pass--authenticate": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec connectionstatus | sed -n -e 's/\(.* policy:\) .*ENCRYPT.*/\1 ENCRYPT/p'
"addconn":   policy: ENCRYPT
"addconn--esp=aes":   policy: ENCRYPT
"addconn--phase2=esp":   policy: ENCRYPT
"addconn--phase2=esp--ah=sha1--esp=aes":   policy: ENCRYPT
"whack":   policy: ENCRYPT
"whack--encrypt":   policy: ENCRYPT
west #
 ipsec connectionstatus | sed -n -e 's/\(.* policy:\) .*AUTHENTICATE.*/\1 AUTHENTICATE/p'
"addconn--ah=sha1":   policy: AUTHENTICATE
"addconn--phase2=ah":   policy: AUTHENTICATE
"addconn--phase2=ah--ah=sha1--esp=aes":   policy: AUTHENTICATE
"whack--authenticate":   policy: AUTHENTICATE
west #
