/testing/guestbin/swan-prep  --x509
Preparing X.509 files
east #
 ipsec certutil -D -n road
east #
 cp east-ikev2-oe.conf /etc/ipsec.d/ikev2-oe.conf
east #
 cp policies/* /etc/ipsec.d/policies/
east #
 echo "192.1.3.0/24"  >> /etc/ipsec.d/policies/private-or-clear
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec whack --impair suppress_retransmits
east #
 # give OE policies time to load
east #
 ../../guestbin/wait-for.sh --match 'loaded 10' -- ipsec auto --status
Total IPsec connections: loaded 10, routed 5, active 0
east #
 ipsec status | grep "our auth" | grep private
"clear-or-private":   our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+AUTH_NULL+RSASIG_v1_5, our autheap:none, their autheap:none;
"private":   our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+AUTH_NULL+RSASIG_v1_5, our autheap:none, their autheap:none;
"private-or-clear":   our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+AUTH_NULL+RSASIG_v1_5, our autheap:none, their autheap:none;
"private-or-clear#192.1.3.0/24":   our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+AUTH_NULL+RSASIG_v1_5, our autheap:none, their autheap:none;
east #
 echo "initdone"
initdone
east #
 # Authentication should be AUTH_NULL
east #
 grep '^[^|].*authenticated' /tmp/pluto.log
"private-or-clear#192.1.3.0/24"[1] ...192.1.3.209 #1: responder established IKE SA; authenticated peer using authby=null and IPV4_ADDR '192.1.3.209'
east #
