/testing/guestbin/swan-prep
east #
 # import real west+mainca
east #
 pk12util -W foobar -K '' -d sql:/etc/ipsec.d -i /testing/x509/pkcs12/mainca/west.p12
pk12util: PKCS12 IMPORT SUCCESSFUL
east #
 # delete real main CA
east #
 certutil -D -d sql:/etc/ipsec.d -n "Libreswan test CA for mainca - Libreswan"
east #
 # import fake east cert and fake main CA
east #
 pk12util -W foobar -K '' -d sql:/etc/ipsec.d -i /testing/x509/fake/pkcs12/mainca/east.p12
pk12util: PKCS12 IMPORT SUCCESSFUL
east #
 # remove main CA - so real-west cannot be verified - rely on cert=west
east #
 certutil -D -d sql:/etc/ipsec.d -n "Libreswan test CA for mainca - Libreswan"
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add ikev2-westnet-eastnet-x509-cr
002 "ikev2-westnet-eastnet-x509-cr": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 ../../guestbin/ipsec-look.sh
east NOW
XFRM state:
XFRM policy:
src 192.0.2.0/24 dst 192.0.1.0/24
	dir out priority PRIORITY ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth1 scope link src 192.0.2.254
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.254
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.23
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east                                                         u,u,u
west                                                         u,u,u
east #
 
