summaryrefslogtreecommitdiff
path: root/testing/tests/ikev1
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-06-23 11:25:24 +0000
commit41787e147279ff0695e9d759487266a60b80867b (patch)
tree8f28566c8fd7106c80d2536d2df540dbb4499cc5 /testing/tests/ikev1
parentc3e7f611ea8273c6b3909cb006ade4903a74aad0 (diff)
downloadvyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.tar.gz
vyos-strongswan-41787e147279ff0695e9d759487266a60b80867b.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.3.2)
Diffstat (limited to 'testing/tests/ikev1')
-rwxr-xr-xtesting/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev1/alg-blowfish/description.txt4
-rw-r--r--testing/tests/ikev1/alg-blowfish/evaltest.dat8
-rw-r--r--testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/alg-serpent/description.txt4
-rw-r--r--testing/tests/ikev1/alg-serpent/evaltest.dat10
-rwxr-xr-xtesting/tests/ikev1/alg-serpent/hosts/carol/etc/ipsec.conf24
-rwxr-xr-xtesting/tests/ikev1/alg-serpent/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/alg-serpent/posttest.dat2
-rw-r--r--testing/tests/ikev1/alg-serpent/pretest.dat5
-rw-r--r--testing/tests/ikev1/alg-serpent/test.conf22
-rw-r--r--testing/tests/ikev1/alg-sha-equals-sha1/description.txt5
-rw-r--r--testing/tests/ikev1/alg-sha-equals-sha1/evaltest.dat9
-rwxr-xr-xtesting/tests/ikev1/alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf25
-rwxr-xr-xtesting/tests/ikev1/alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev1/alg-sha-equals-sha1/posttest.dat2
-rw-r--r--testing/tests/ikev1/alg-sha-equals-sha1/pretest.dat5
-rw-r--r--testing/tests/ikev1/alg-sha-equals-sha1/test.conf22
-rw-r--r--testing/tests/ikev1/alg-sha2_256/description.txt4
-rw-r--r--testing/tests/ikev1/alg-sha2_256/evaltest.dat8
-rw-r--r--testing/tests/ikev1/alg-twofish/description.txt4
-rw-r--r--testing/tests/ikev1/alg-twofish/evaltest.dat10
-rwxr-xr-xtesting/tests/ikev1/alg-twofish/hosts/carol/etc/ipsec.conf24
-rwxr-xr-xtesting/tests/ikev1/alg-twofish/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ikev1/alg-twofish/posttest.dat2
-rw-r--r--testing/tests/ikev1/alg-twofish/pretest.dat5
-rw-r--r--testing/tests/ikev1/alg-twofish/test.conf22
-rw-r--r--testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ikev1/crl-ldap/evaltest.dat4
-rw-r--r--testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf15
-rw-r--r--testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/ikev1/dpd-restart/evaltest.dat2
-rw-r--r--testing/tests/ikev1/esp-ah-transport/description.txt2
-rw-r--r--testing/tests/ikev1/esp-ah-transport/evaltest.dat4
-rw-r--r--testing/tests/ikev1/esp-ah-tunnel/description.txt2
-rw-r--r--testing/tests/ikev1/esp-ah-tunnel/evaltest.dat4
-rw-r--r--testing/tests/ikev1/esp-alg-aesxcbc/description.txt2
-rw-r--r--testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat4
-rw-r--r--testing/tests/ikev1/esp-alg-camellia/description.txt2
-rw-r--r--testing/tests/ikev1/esp-alg-camellia/evaltest.dat4
-rw-r--r--testing/tests/ikev1/esp-alg-des/evaltest.dat6
-rw-r--r--testing/tests/ikev1/esp-alg-null/evaltest.dat6
-rwxr-xr-xtesting/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf2
-rwxr-xr-xtesting/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev1/esp-alg-strict-fail/description.txt6
-rw-r--r--testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat6
-rwxr-xr-xtesting/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf2
-rwxr-xr-xtesting/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev1/esp-alg-strict/description.txt8
-rw-r--r--testing/tests/ikev1/esp-alg-strict/evaltest.dat10
-rwxr-xr-xtesting/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf4
-rwxr-xr-xtesting/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev1/esp-alg-weak/description.txt2
-rw-r--r--testing/tests/ikev1/ike-alg-sha2_384/description.txt4
-rw-r--r--testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat8
-rw-r--r--testing/tests/ikev1/ike-alg-sha2_512/description.txt4
-rw-r--r--testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat8
-rw-r--r--testing/tests/ikev1/ike-alg-strict-fail/description.txt6
-rw-r--r--testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat2
-rwxr-xr-xtesting/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf2
-rwxr-xr-xtesting/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev1/ike-alg-strict/description.txt8
-rw-r--r--testing/tests/ikev1/ike-alg-strict/evaltest.dat10
-rwxr-xr-xtesting/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf4
-rwxr-xr-xtesting/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev1/mode-config/evaltest.dat2
-rw-r--r--testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat2
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/no-priv-key/evaltest.dat4
-rw-r--r--testing/tests/ikev1/protoport-route/evaltest.dat4
-rw-r--r--testing/tests/ikev1/protoport-route/pretest.dat4
-rw-r--r--testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf15
-rw-r--r--testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf14
-rw-r--r--testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf14
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat2
-rw-r--r--testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat4
-rw-r--r--testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf15
-rw-r--r--testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/xauth-psk-mode-config/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/xauth-psk-mode-config/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf11
109 files changed, 554 insertions, 380 deletions
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
index 392a4b51e..d55638907 100755
--- a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
+ plutodebug=control
+ crlcheckinterval=180
strictcrlpolicy=no
charonstart=no
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 40eb84b8a..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
-}
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
index e56090f48..94517ecbe 100755
--- a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
+ plutodebug=control
+ crlcheckinterval=180
strictcrlpolicy=no
charonstart=no
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 40eb84b8a..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
-}
diff --git a/testing/tests/ikev1/alg-blowfish/description.txt b/testing/tests/ikev1/alg-blowfish/description.txt
index cff0a1915..7d8f245ab 100644
--- a/testing/tests/ikev1/alg-blowfish/description.txt
+++ b/testing/tests/ikev1/alg-blowfish/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>BLOWFISH_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and
-<b>BLOWFISH_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat
index a2ae3ff6b..fd46cdb9d 100644
--- a/testing/tests/ikev1/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat
@@ -1,9 +1,9 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: BLOWFISH_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: BLOWFISH_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: BLOWFISH_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: BLOWFISH_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
carol::ip xfrm state::enc cbc(blowfish)::YES
moon::ip xfrm state::enc cbc(blowfish)::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..f5401f260
--- /dev/null
+++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..f5401f260
--- /dev/null
+++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/alg-serpent/description.txt b/testing/tests/ikev1/alg-serpent/description.txt
deleted file mode 100644
index f49c0a1c0..000000000
--- a/testing/tests/ikev1/alg-serpent/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>SERPENT_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and
-<b>SERPENT_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-serpent/evaltest.dat b/testing/tests/ikev1/alg-serpent/evaltest.dat
deleted file mode 100644
index ffca0e7a0..000000000
--- a/testing/tests/ikev1/alg-serpent/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: SERPENT_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: SERPENT_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: SERPENT_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: SERPENT_256-HMAC_SHA2_256::YES
-carol::ip xfrm state::enc cbc(serpent)::YES
-moon::ip xfrm state::enc cbc(serpent)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-
diff --git a/testing/tests/ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-serpent/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index b050f022a..000000000
--- a/testing/tests/ikev1/alg-serpent/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug="control crypt"
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- ike=serpent256-sha2_512-modp4096!
- esp=serpent256-sha2_256!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-serpent/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 75830f043..000000000
--- a/testing/tests/ikev1/alg-serpent/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug="control crypt"
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- ike=serpent256-sha2_512-modp4096!
- esp=serpent256-sha2_256!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- right=%any
- rightid=carol@strongswan.org
- auto=add
diff --git a/testing/tests/ikev1/alg-serpent/posttest.dat b/testing/tests/ikev1/alg-serpent/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/alg-serpent/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/alg-serpent/pretest.dat b/testing/tests/ikev1/alg-serpent/pretest.dat
deleted file mode 100644
index 6d2eeb5f9..000000000
--- a/testing/tests/ikev1/alg-serpent/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-serpent/test.conf b/testing/tests/ikev1/alg-serpent/test.conf
deleted file mode 100644
index a6c8f026c..000000000
--- a/testing/tests/ikev1/alg-serpent/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/description.txt b/testing/tests/ikev1/alg-sha-equals-sha1/description.txt
deleted file mode 100644
index aeb2e1a88..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the syntactically
-incorrect cipher suites <b>ike=aes128-sha1-modp1536</b> for the
-IKE protocol and <b>esp=aes128-sha</b> for ESP packets. Since <b>sha</b> and
-<b>sha1</b> are treated as synonyms the proposal is neverless correctly parsed.
-A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/evaltest.dat b/testing/tests/ikev1/alg-sha-equals-sha1/evaltest.dat
deleted file mode 100644
index c3656c690..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA-MODP1536::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA-MODP1536::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 40d31c0ac..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug="control crypt"
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- ike=aes128-sha1-modp1536!
- esp=aes128-sha!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
-
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 1461f7933..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug="control crypt"
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- ike=aes128-sha1-modp1536!
- esp=aes128-sha!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- right=%any
- rightid=carol@strongswan.org
- auto=add
-
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/posttest.dat b/testing/tests/ikev1/alg-sha-equals-sha1/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/pretest.dat b/testing/tests/ikev1/alg-sha-equals-sha1/pretest.dat
deleted file mode 100644
index 7d077c126..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha-equals-sha1/test.conf b/testing/tests/ikev1/alg-sha-equals-sha1/test.conf
deleted file mode 100644
index a6c8f026c..000000000
--- a/testing/tests/ikev1/alg-sha-equals-sha1/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/alg-sha2_256/description.txt b/testing/tests/ikev1/alg-sha2_256/description.txt
index 900fcf017..e0af2e2f7 100644
--- a/testing/tests/ikev1/alg-sha2_256/description.txt
+++ b/testing/tests/ikev1/alg-sha2_256/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the rather strong cipher suite
-<b>AES_CBC_128-SHA2_256-MODP1536</b> for the IKE protocol and
-<b>AES_128-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_1536</b> for the IKE protocol and
+<b>AES_CBC_128 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha2_256/evaltest.dat b/testing/tests/ikev1/alg-sha2_256/evaltest.dat
index 42d0099eb..b8a83e0fb 100644
--- a/testing/tests/ikev1/alg-sha2_256/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha2_256/evaltest.dat
@@ -1,10 +1,10 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA2_256-MODP1536::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA2_256-MODP1536::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
carol::ip xfrm state::auth hmac(sha256)::YES
moon::ip xfrm state::auth hmac(sha256)::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-twofish/description.txt b/testing/tests/ikev1/alg-twofish/description.txt
deleted file mode 100644
index 0015561ee..000000000
--- a/testing/tests/ikev1/alg-twofish/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>TWOFISH_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and
-<b>TWOFISH_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-twofish/evaltest.dat b/testing/tests/ikev1/alg-twofish/evaltest.dat
deleted file mode 100644
index 69e9267c3..000000000
--- a/testing/tests/ikev1/alg-twofish/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: TWOFISH_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: TWOFISH_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: TWOFISH_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: TWOFISH_256-HMAC_SHA2_256::YES
-carol::ip xfrm state::enc cbc(twofish)::YES
-moon::ip xfrm state::enc cbc(twofish)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-
diff --git a/testing/tests/ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-twofish/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 71ed47519..000000000
--- a/testing/tests/ikev1/alg-twofish/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug="control crypt"
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- ike=twofish256-sha2_512-modp4096!
- esp=twofish256-sha2_256!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-twofish/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index ba739f887..000000000
--- a/testing/tests/ikev1/alg-twofish/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug="control crypt"
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- ike=twofish256-sha2_512-modp4096!
- esp=twofish256-sha2_256!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- right=%any
- rightid=carol@strongswan.org
- auto=add
diff --git a/testing/tests/ikev1/alg-twofish/posttest.dat b/testing/tests/ikev1/alg-twofish/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/alg-twofish/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/alg-twofish/pretest.dat b/testing/tests/ikev1/alg-twofish/pretest.dat
deleted file mode 100644
index 7d077c126..000000000
--- a/testing/tests/ikev1/alg-twofish/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-twofish/test.conf b/testing/tests/ikev1/alg-twofish/test.conf
deleted file mode 100644
index a6c8f026c..000000000
--- a/testing/tests/ikev1/alg-twofish/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
index 5a360543c..343221385 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
@@ -1,3 +1,13 @@
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
openac {
load = sha1 sha2 md5 gmp random x509 pubkey
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/crl-ldap/evaltest.dat b/testing/tests/ikev1/crl-ldap/evaltest.dat
index 2b98e086a..730614c66 100644
--- a/testing/tests/ikev1/crl-ldap/evaltest.dat
+++ b/testing/tests/ikev1/crl-ldap/evaltest.dat
@@ -6,8 +6,8 @@ moon::cat /var/log/auth.log::X.509 certificate rejected::YES
carol::cat /var/log/auth.log::X.509 certificate rejected::YES
moon::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::Trying LDAP URL::YES
-carol::cat /var/log/auth.log::Trying LDAP URL::YES
+moon::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
+carol::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::cat /var/log/auth.log::written crl file::YES
diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..b15cf2d3f
--- /dev/null
+++ b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..b15cf2d3f
--- /dev/null
+++ b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..52fd0c788
--- /dev/null
+++ b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+scepclient {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..52fd0c788
--- /dev/null
+++ b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+scepclient {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/dpd-restart/evaltest.dat b/testing/tests/ikev1/dpd-restart/evaltest.dat
index 016524dd9..c35a8019e 100644
--- a/testing/tests/ikev1/dpd-restart/evaltest.dat
+++ b/testing/tests/ikev1/dpd-restart/evaltest.dat
@@ -6,5 +6,5 @@ moon::cat /var/log/auth.log::inserting event EVENT_DPD::YES
moon::cat /var/log/auth.log::DPD: No response from peer - declaring peer dead::YES
moon::cat /var/log/auth.log::DPD: Terminating all SAs using this connection::YES
moon::cat /var/log/auth.log::DPD: Restarting connection::YES
-moon::sleep 5::no output expected::NO
+moon::sleep 10::no output expected::NO
moon::ipsec status::STATE_MAIN_I4 (ISAKMP SA established)::YES
diff --git a/testing/tests/ikev1/esp-ah-transport/description.txt b/testing/tests/ikev1/esp-ah-transport/description.txt
index c7918fa38..f8ffce6e6 100644
--- a/testing/tests/ikev1/esp-ah-transport/description.txt
+++ b/testing/tests/ikev1/esp-ah-transport/description.txt
@@ -1,5 +1,5 @@
In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication.
+the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
marks all incoming AH packets with the ESP mark. The transport mode connection is
tested by <b>carol</b> sending a ping to gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/esp-ah-transport/evaltest.dat b/testing/tests/ikev1/esp-ah-transport/evaltest.dat
index 7c498ad83..526e0d96e 100644
--- a/testing/tests/ikev1/esp-ah-transport/evaltest.dat
+++ b/testing/tests/ikev1/esp-ah-transport/evaltest.dat
@@ -1,7 +1,7 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-;::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-;::YES
+carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_MOON::128 bytes from PH_IP_MOON: icmp_seq=1::YES
carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES
moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES
diff --git a/testing/tests/ikev1/esp-ah-tunnel/description.txt b/testing/tests/ikev1/esp-ah-tunnel/description.txt
index 809f28c57..332f8177a 100644
--- a/testing/tests/ikev1/esp-ah-tunnel/description.txt
+++ b/testing/tests/ikev1/esp-ah-tunnel/description.txt
@@ -1,5 +1,5 @@
In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication.
+the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
marks all incoming AH packets with the ESP mark. The tunnel mode connection is
tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind
diff --git a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
index 8f4a99641..5103a6318 100644
--- a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
+++ b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
@@ -1,7 +1,7 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-;::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-;::YES
+carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES
moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt b/testing/tests/ikev1/esp-alg-aesxcbc/description.txt
index fef0ac2dd..0c39352d9 100644
--- a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt
+++ b/testing/tests/ikev1/esp-alg-aesxcbc/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_256/AES_XCBC_MAC</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
+<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc</b>
in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
index f464bda65..872962de4 100644
--- a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
@@ -1,8 +1,8 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: AES_256-AES_XCBC_MAC::YES
-moon::ipsec statusall::ESP algorithm newest: AES_256-AES_XCBC_MAC::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
carol::ip xfrm state::auth xcbc(aes)::YES
moon::ip xfrm state::auth xcbc(aes)::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-camellia/description.txt b/testing/tests/ikev1/esp-alg-camellia/description.txt
index ead39f580..b679d03ec 100644
--- a/testing/tests/ikev1/esp-alg-camellia/description.txt
+++ b/testing/tests/ikev1/esp-alg-camellia/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>CAMELLIA_192/HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256-modp2048</b>
+<b>CAMELLIA_CBC_192 / HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256</b>
in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
index b2871dabd..1b0f3a12b 100644
--- a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
@@ -1,7 +1,7 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: CAMELLIA_192-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: CAMELLIA_192-HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
carol::ip xfrm state::enc cbc(camellia)::YES
moon::ip xfrm state::enc cbc(camellia)::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-des/evaltest.dat b/testing/tests/ikev1/esp-alg-des/evaltest.dat
index 8e06392f1..57d09a488 100644
--- a/testing/tests/ikev1/esp-alg-des/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-des/evaltest.dat
@@ -1,6 +1,8 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::ESP algorithm newest: DES_0-HMAC_MD5::YES
-carol::ipsec statusall::ESP algorithm newest: DES_0-HMAC_MD5::YES
+moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
+carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
+moon::ip xfrm state::enc cbc(des)::YES
+carol::ip xfrm state::enc cbc(des)::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat
index de2f2a571..8c748a54c 100644
--- a/testing/tests/ikev1/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat
@@ -1,5 +1,7 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::ESP algorithm newest::NULL_0-HMAC_SHA1::YES
-carol::ipsec statusall::ESP algorithm newest::NULL_0-HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
+carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
+moon::ip xfrm state::enc ecb(cipher_null)::YES
+carol::ip xfrm state::enc ecb(cipher_null)::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
index b939e4fda..3c9fdbb71 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes-128-sha
+ ike=aes-sha1
esp=null-sha1!
conn home
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
index 9ca761cb5..62f17df49 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha!
+ ike=aes-sha1!
esp=null-sha1!
conn rw
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/description.txt b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
index 03c655480..252080e80 100644
--- a/testing/tests/ikev1/esp-alg-strict-fail/description.txt
+++ b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
+<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
+<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
index 6f2024ff9..83d99bea1 100644
--- a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
@@ -1,9 +1,9 @@
carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
-carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
+carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::YES
-moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
+moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*ISAKMP SA established::NO
-moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES
+moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
moon::cat /var/log/auth.log::no acceptable Proposal in IPsec SA::YES
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
index f61cfc6bb..21997940b 100755
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=3des-sha
+ ike=3des-sha1
esp=3des-sha1
conn home
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
index 5bf53b8bc..14f58ccc3 100755
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha
+ ike=aes128-sha1
esp=aes128-sha1!
conn rw
diff --git a/testing/tests/ikev1/esp-alg-strict/description.txt b/testing/tests/ikev1/esp-alg-strict/description.txt
index b4fc08253..149a1e013 100644
--- a/testing/tests/ikev1/esp-alg-strict/description.txt
+++ b/testing/tests/ikev1/esp-alg-strict/description.txt
@@ -1,7 +1,7 @@
-Roadwarrior <b>carol</b> proposes <b>3DES</b> encryption (together with
-SHA-1 authentication) in the first place and <b>AES-128</b> encryption in
+Roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption (together with
+HMAC_SHA1 authentication) in the first place and <b>AES_CBC_128</b> encryption in
second place for both the ISAKMP and IPsec SAs. Gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> but will accept any other supported algorithm proposed
+<b>ike=aes128-sha1</b> but will accept any other supported algorithm proposed
by the peer during Phase 1. But for ESP encryption <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by applying the strict flag '!'.
+<b>esp=aes128-sha1!</b> by applying the strict flag '!'.
diff --git a/testing/tests/ikev1/esp-alg-strict/evaltest.dat b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
index d5dd12d4e..912a8d830 100644
--- a/testing/tests/ikev1/esp-alg-strict/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
@@ -1,7 +1,7 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES
-moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
-carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
+moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
+moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
+carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
index 0ae6b0693..7e2de30cd 100755
--- a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=3des-sha,aes-128-sha
- esp=3des-sha1,aes-128-sha1
+ ike=3des-sha,aes128-sha1
+ esp=3des-sha1,aes128-sha1
conn home
left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
index 5bf53b8bc..14f58ccc3 100755
--- a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha
+ ike=aes128-sha1
esp=aes128-sha1!
conn rw
diff --git a/testing/tests/ikev1/esp-alg-weak/description.txt b/testing/tests/ikev1/esp-alg-weak/description.txt
index ffb6882f5..e49b6c620 100644
--- a/testing/tests/ikev1/esp-alg-weak/description.txt
+++ b/testing/tests/ikev1/esp-alg-weak/description.txt
@@ -1,4 +1,4 @@
-The roadwarrior <b>carol</b> proposes <b>1DES</b> encryption with MD5 authentication
+The roadwarrior <b>carol</b> proposes <b>DES_CBC</b> encryption with HMAC_MD5 authentication
as the only cipher suite for the IPsec SA. Because gateway <b>moon</b> does
not use an explicit <b>esp</b> statement any strong encryption algorithm will be
accepted but any weak key length will be rejected by default and thus the ISAKMP SA
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/description.txt b/testing/tests/ikev1/ike-alg-sha2_384/description.txt
index a347a3fed..a0bda209c 100644
--- a/testing/tests/ikev1/ike-alg-sha2_384/description.txt
+++ b/testing/tests/ikev1/ike-alg-sha2_384/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>AES_CBC_192-SHA2_384-MODP4096</b> for the IKE protocol and
-<b>AES_192-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_192 / HMAC_SHA2_384 / MODP4096</b> for the IKE protocol and
+<b>AES_CBC_192 /HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
index 31959f53a..a4cc39150 100644
--- a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat
@@ -1,8 +1,8 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
-moon::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
-carol::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/ike-alg-sha2_512/description.txt b/testing/tests/ikev1/ike-alg-sha2_512/description.txt
index 1bec4b8c6..240b8f2b0 100644
--- a/testing/tests/ikev1/ike-alg-sha2_512/description.txt
+++ b/testing/tests/ikev1/ike-alg-sha2_512/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the paranoid cipher suite
-<b>AES_CBC_256-SHA2_512-MODP8192</b> for the IKE protocol and
-<b>AES_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_256 / HMAC_SHA2_512 / MODP_8192</b> for the IKE protocol and
+<b>AES_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
<b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
index dbd35429c..10929457f 100644
--- a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
@@ -1,8 +1,8 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_256-SHA2_512-MODP8192::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_256-SHA2_512-MODP8192::YES
-moon::ipsec statusall::ESP algorithm newest: AES_256-HMAC_SHA2_256::YES
-carol::ipsec statusall::ESP algorithm newest: AES_256-HMAC_SHA2_256::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/description.txt b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
index 03c655480..252080e80 100644
--- a/testing/tests/ikev1/ike-alg-strict-fail/description.txt
+++ b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
+<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
+<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
index 931b8855a..0c6bc7f7e 100644
--- a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
@@ -1,5 +1,5 @@
carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
-moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES
+moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
moon::cat /var/log/auth.log::no acceptable Oakley Transform::YES
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
index cbe5469f0..63ad1c01d 100755
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=3des-sha
+ ike=3des-sha1
esp=3des-sha1
conn home
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
index 42e5f8404..1ea5fe7a5 100755
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha!
+ ike=aes128-sha1!
esp=aes128-sha1
conn rw
diff --git a/testing/tests/ikev1/ike-alg-strict/description.txt b/testing/tests/ikev1/ike-alg-strict/description.txt
index 35d266e20..af93b95c3 100644
--- a/testing/tests/ikev1/ike-alg-strict/description.txt
+++ b/testing/tests/ikev1/ike-alg-strict/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with <b>SHA-1</b> authentication in the first place
-and <b>AES-128</b> encryption with <b>SHA-1</b> authentication in the second place for both the ISAKMP and IPsec SA.
-The gateway <b>moon</b> enforces <b>ike=aes-128-sha!</b> for Phase 1 by using the strict flag '!',
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with <b>HMAC_SHA1</b> authentication in the first place
+and <b>AES_CBC_128</b> encryption with <b>HMAC_SHA1</b> authentication in the second place for both the ISAKMP and IPsec SA.
+The gateway <b>moon</b> enforces <b>ike=aes128-sha!</b> for Phase 1 by using the strict flag '!',
but will accept any other supported algorithm proposed by the peer for Phase 2 , even though <b>moon</b>
-defines itself <b>esp=aes-128-sha1</b> only.
+defines itself <b>esp=aes128-sha1</b> only.
diff --git a/testing/tests/ikev1/ike-alg-strict/evaltest.dat b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
index 46140be8a..8acd0d039 100644
--- a/testing/tests/ikev1/ike-alg-strict/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
@@ -1,7 +1,7 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES
-moon::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES
-carol::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES
+moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA::YES
+carol::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
index b8e2257c4..9272bdc7f 100755
--- a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=3des-sha,aes-128-sha
- esp=3des-sha1,aes-128-sha1
+ ike=3des-sha1,aes128-sha1
+ esp=3des-sha1,aes128-sha1
conn home
left=PH_IP_CAROL
leftcert=carolCert.pem
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
index 42e5f8404..1ea5fe7a5 100755
--- a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha!
+ ike=aes128-sha1!
esp=aes128-sha1
conn rw
diff --git a/testing/tests/ikev1/mode-config/evaltest.dat b/testing/tests/ikev1/mode-config/evaltest.dat
index 9d60cf7b0..69f77946e 100644
--- a/testing/tests/ikev1/mode-config/evaltest.dat
+++ b/testing/tests/ikev1/mode-config/evaltest.dat
@@ -1,4 +1,6 @@
carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
+carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES
+carol::cat /var/log/auth.log::received IPv6 DNS server address fec1\:\:20::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3e950c81d
--- /dev/null
+++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP6_VENUS
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
index f504706e2..9cfa502aa 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
+++ b/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
@@ -2,7 +2,7 @@ moon::cat /var/log/auth.log::PH_IP_CAROL.*X.509 certificate rejected::YES
carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
moon::cat /var/log/auth.log::PH_IP_DAVE.*X.509 certificate rejected::YES
dave::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::Trying LDAP URL::YES
+moon::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..b15cf2d3f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..b15cf2d3f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..b15cf2d3f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/no-priv-key/evaltest.dat b/testing/tests/ikev1/no-priv-key/evaltest.dat
index 9bd85ba12..c2612167a 100644
--- a/testing/tests/ikev1/no-priv-key/evaltest.dat
+++ b/testing/tests/ikev1/no-priv-key/evaltest.dat
@@ -1,4 +1,4 @@
-carol::cat /var/log/auth.log::unable to locate my private key for RSA Signature::YES
-moon::cat /var/log/auth.log::ignoring informational payload, type AUTHENTICATION_FAILED::YES
+carol::cat /var/log/auth.log::unable to locate my private key::YES
+carol::cat /var/log/auth.log::empty ISAKMP SA proposal to send::YES
moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
diff --git a/testing/tests/ikev1/protoport-route/evaltest.dat b/testing/tests/ikev1/protoport-route/evaltest.dat
index 759295675..b266d86d8 100644
--- a/testing/tests/ikev1/protoport-route/evaltest.dat
+++ b/testing/tests/ikev1/protoport-route/evaltest.dat
@@ -1,5 +1,5 @@
-carol::ping -c 2 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
-carol::ping -c 2 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
carol::ssh PH_IP_ALICE hostname::alice::YES
carol::cat /var/log/auth.log::initiate on demand::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
diff --git a/testing/tests/ikev1/protoport-route/pretest.dat b/testing/tests/ikev1/protoport-route/pretest.dat
index f233ad48f..b1fc81827 100644
--- a/testing/tests/ikev1/protoport-route/pretest.dat
+++ b/testing/tests/ikev1/protoport-route/pretest.dat
@@ -2,5 +2,7 @@ moon::/etc/init.d/iptables start 2> /dev/null
carol::/etc/init.d/iptables start 2> /dev/null
moon::ipsec start
carol::ipsec start
+carol::sleep 1
+carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname
+carol::ping -c 1 PH_IP_ALICE > /dev/null
carol::sleep 2
-carol::ssh PH_IP_ALICE hostname
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..52fd0c788
--- /dev/null
+++ b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+scepclient {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..52fd0c788
--- /dev/null
+++ b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+scepclient {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..304ef99e0
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ crypto_test {
+ on_add = yes
+ }
+}
diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..304ef99e0
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ crypto_test {
+ on_add = yes
+ }
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat
index 9e1354121..5ab6632cc 100644
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat
+++ b/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat
@@ -2,6 +2,6 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::cat /var/log/auth.log::peer requests PSK authentication::YES
moon::ipsec status::rw-psk.*PH_IP_CAROL STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::peer requests RSASIG authentication::YES
+moon::cat /var/log/auth.log::peer requests PUBKEY authentication::YES
moon::ipsec status::rw-rsasig.*PH_IP_DAVE STATE_QUICK_R2.*IPsec SA established::YES
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat b/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat
index 188b7bbb5..849ae5d66 100644
--- a/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat
+++ b/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat
@@ -1,5 +1,5 @@
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::cat /var/log/auth.log::peer requests RSASIG authentication::YES
-moon::cat /var/log/auth.log::but no connection has been authorized with policy=RSASIG::YES
+moon::cat /var/log/auth.log::peer requests PUBKEY authentication::YES
+moon::cat /var/log/auth.log::but no connection has been authorized with policy=PUBKEY::YES
moon::ipsec status::*PH_IP_CAROL STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..52fd0c788
--- /dev/null
+++ b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+scepclient {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..52fd0c788
--- /dev/null
+++ b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+scepclient {
+ load = sha1 sha2 md5 aes des hmac gmp pubkey random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk-mode-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk-mode-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/xauth-psk-mode-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk-mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk-mode-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/xauth-psk-mode-config/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85e5f1aee
--- /dev/null
+++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}