/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec add addconn
"addconn": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--iptfs=no
"addconn--iptfs=no": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--iptfs=yes
"addconn--iptfs=yes": failed to add connection: IPTFS is not supported by the kernel: requires option CONFIG_XFRM_IPTFS
west #
 ipsec add addconn--type=passthrough
"addconn--type=passthrough": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--type=passthrough--iptfs=no
"addconn--type=passthrough--iptfs=no": warning: iptfs=no ignored for never-negotiate connection
"addconn--type=passthrough--iptfs=no": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec add addconn--type=passthrough--iptfs=yes
"addconn--type=passthrough--iptfs=yes": warning: iptfs=yes ignored for never-negotiate connection
"addconn--type=passthrough--iptfs=yes": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack                     --encrypt --host 1.2.3.4 --to --host 5.6.7.8
"whack": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--iptfs      --iptfs     --encrypt --host 1.2.3.4 --to --host 5.6.7.8
"whack--iptfs": failed to add connection: IPTFS is not supported by the kernel: requires option CONFIG_XFRM_IPTFS
west #
 ipsec whack --name whack--iptfs=no   --iptfs=no  --encrypt --host 1.2.3.4 --to --host 5.6.7.8
"whack--iptfs=no": added unoriented IKEv2 connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--iptfs=yes  --iptfs=yes --encrypt --host 1.2.3.4 --to --host 5.6.7.8
"whack--iptfs=yes": failed to add connection: IPTFS is not supported by the kernel: requires option CONFIG_XFRM_IPTFS
west #
 ipsec whack --name whack--passthrough                     --pass --auth-never --host 1.2.3.4 --to --host 5.6.7.8
"whack--passthrough": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--passthrough--iptfs      --iptfs     --pass --auth-never --host 1.2.3.4 --to --host 5.6.7.8
"whack--passthrough--iptfs": warning: iptfs=yes ignored for never-negotiate connection
"whack--passthrough--iptfs": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--passthrough--iptfs=no   --iptfs=no  --pass --auth-never --host 1.2.3.4 --to --host 5.6.7.8
"whack--passthrough--iptfs=no": warning: iptfs=no ignored for never-negotiate connection
"whack--passthrough--iptfs=no": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec whack --name whack--passthrough--iptfs=yes  --iptfs=yes --pass --auth-never --host 1.2.3.4 --to --host 5.6.7.8
"whack--passthrough--iptfs=yes": warning: iptfs=yes ignored for never-negotiate connection
"whack--passthrough--iptfs=yes": added unoriented passthrough connection (neither left=1.2.3.4 nor right=5.6.7.8 match an interface)
west #
 ipsec connectionstatus | sed -n -e 's/\(.* policy:\) .*PFS.*/\1 PFS/p' | sort
"addconn--iptfs=no":   policy: PFS
"addconn":   policy: PFS
"whack--iptfs=no":   policy: PFS
"whack":   policy: PFS
west #
 
