/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec auto --add distraction
"distraction": added IKEv2 connection
west #
 ipsec auto --add west-to-east
"west-to-east": added IKEv2 connection
west #
 ipsec auto --start west-to-east
"west-to-east": added IKEv2 connection
"west-to-east" #1: initiating IKEv2 connection to 192.1.2.23 using UDP
"west-to-east" #1: sent IKE_SA_INIT request to 192.1.2.23:UDP/500
"west-to-east" #1: omitting CHILD SA payloads
"west-to-east" #1: processed IKE_SA_INIT response from 192.1.2.23:UDP/500 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=DH19}, initiating IKE_AUTH
"west-to-east" #1: sent IKE_AUTH request to 192.1.2.23:UDP/500; Child SA #2 {ESP <0xESPESP}
"west-to-east" #1: initiator established IKE SA; authenticated peer certificate 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' and 3nnn-bit RSASSA-PSS with SHA2_512 digital signature issued by 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
west #
 ../../guestbin/ipsec-look.sh
west NOW
XFRM state:
XFRM policy:
src 0.0.0.0/0 dst 192.1.2.45/32
	security context system_u:object_r:ipsec_spd_t:s0
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 0.0.0.0/0 dst 192.1.2.45/32
	security context system_u:object_r:ipsec_spd_t:s0
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.1.2.45/32 dst 0.0.0.0/0
	security context system_u:object_r:ipsec_spd_t:s0
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
XFRM done
IPSEC mangle TABLES
iptables filter TABLE
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
mainca                                                       CT,, 
east                                                         P,,  
east-ec                                                      P,,  
hashsha1                                                     P,,  
nic                                                          P,,  
north                                                        P,,  
road                                                         P,,  
west                                                         u,u,u
west #
