diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-06-23 11:35:38 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2009-06-23 11:35:38 +0000 |
| commit | 7c52c3f35cdbdff58443b994f2f33d13b4d81f57 (patch) | |
| tree | e54a27979ea72ec41702bec2984c2eadac3b8862 /testing/tests/ikev1/ike-alg-strict-fail | |
| parent | 4ef45ba0404dac3773e83af995a5ec584b23d633 (diff) | |
| download | vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.tar.gz vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.zip | |
Updated to new upstream version.
Diffstat (limited to 'testing/tests/ikev1/ike-alg-strict-fail')
4 files changed, 6 insertions, 6 deletions
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/description.txt b/testing/tests/ikev1/ike-alg-strict-fail/description.txt index 03c655480..252080e80 100644 --- a/testing/tests/ikev1/ike-alg-strict-fail/description.txt +++ b/testing/tests/ikev1/ike-alg-strict-fail/description.txt @@ -1,5 +1,5 @@ -The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication +The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines -<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer, +<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer, leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces -<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail. +<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail. diff --git a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat index 931b8855a..0c6bc7f7e 100644 --- a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat +++ b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat @@ -1,5 +1,5 @@ carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES -moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES +moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES moon::cat /var/log/auth.log::no acceptable Oakley Transform::YES diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf index cbe5469f0..63ad1c01d 100755 --- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=3des-sha + ike=3des-sha1 esp=3des-sha1 conn home diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf index 42e5f8404..1ea5fe7a5 100755 --- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha! + ike=aes128-sha1! esp=aes128-sha1 conn rw |