/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
west #
 # scrub any password file
west #
 :> /etc/ipsec.secrets
west #
 # start
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 # generate fresh keys
west #
 ../../guestbin/genhostkey.sh $PWD
raw ecdsa
us=west them=east leftright=left
west #
 # fix/add hostkey config
west #
 cp ipsec.conf /etc/ipsec.conf
west #
 cat OUTPUT/east.hostkey >>/etc/ipsec.conf
west #
 cat OUTPUT/west.hostkey >>/etc/ipsec.conf
west #
 cat /etc/ipsec.conf
# /etc/ipsec.conf - Libreswan IPsec configuration file
config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	dumpdir=/tmp
	plutodebug=all
conn hostkey
	left=192.1.2.45
	leftsubnet=192.0.1.0/24
	right=192.1.2.23
	rightsubnet=192.0.2.0/24
	authby=ecdsa
	# ecdsakey <<KEYID#1>>
	rightecdsakey=0s<<RAW-PUBKEY#1>>
	# ecdsakey <<KEYID#2>>
	leftecdsakey=0s<<RAW-PUBKEY#2>>
west #
 ipsec auto --add hostkey
002 "hostkey": added IKEv2 connection
west #
 ipsec auto --up hostkey
1v2 "hostkey" #1: initiating IKEv2 connection
1v2 "hostkey" #1: sent IKE_SA_INIT request to 192.1.2.23:500
1v2 "hostkey" #1: sent IKE_AUTH request {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
003 "hostkey" #1: initiator established IKE SA; authenticated peer 'P-256 ECDSA with SHA2_512' digital signature using preloaded certificate '192.1.2.23'
004 "hostkey" #2: initiator established Child SA using #1; IPsec tunnel [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] {ESP/ESN=>0xESPESP <0xESPESP xfrm=AES_GCM_16_256-NONE DPD=passive}
west #
 

