diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
| commit | 05ddd767992d68bb38c7f16ece142e8c2e9ae016 (patch) | |
| tree | 302c618be306d4ed3c7f9fc58a1f6aaad4dd252f /testing/tests/ikev1 | |
| parent | 25663e04c3ab01ef8dc9f906608282319cfea2db (diff) | |
| download | vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.tar.gz vyos-strongswan-05ddd767992d68bb38c7f16ece142e8c2e9ae016.zip | |
New upstream version 5.5.2
Diffstat (limited to 'testing/tests/ikev1')
171 files changed, 210 insertions, 299 deletions
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf index f585edfca..66ff24601 100644 --- a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf index 1f0fd41a8..d69a7b808 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha256/description.txt b/testing/tests/ikev1/alg-sha256/description.txt index 826a8f10b..f7e53913c 100644 --- a/testing/tests/ikev1/alg-sha256/description.txt +++ b/testing/tests/ikev1/alg-sha256/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b> +<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat index 8cbac4ff3..d9ff9475e 100644 --- a/testing/tests/ikev1/alg-sha256/evaltest.dat +++ b/testing/tests/ikev1/alg-sha256/evaltest.dat @@ -2,11 +2,11 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES -carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/CURVE_25519,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/CURVE_25519,::YES moon:: ip xfrm state::auth-trunc hmac(sha256)::YES carol::ip xfrm state::auth-trunc hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf index 1c227978e..25fce1881 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf index 177aebf52..b3e5df10b 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha384/description.txt b/testing/tests/ikev1/alg-sha384/description.txt index 2255fe8fb..f96ea5c4f 100644 --- a/testing/tests/ikev1/alg-sha384/description.txt +++ b/testing/tests/ikev1/alg-sha384/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b> +<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat index 166aa8120..3a533566f 100644 --- a/testing/tests/ikev1/alg-sha384/evaltest.dat +++ b/testing/tests/ikev1/alg-sha384/evaltest.dat @@ -2,11 +2,11 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES -carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/CURVE_25519,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/CURVE_25519,::YES moon:: ip xfrm state::auth-trunc hmac(sha384)::YES carol::ip xfrm state::auth-trunc hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf index 6f1519f2c..9e7f48868 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-curve25519! + esp=aes192-sha384-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf index 919ee9b09..d4c4a6f6d 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-curve25519! + esp=aes192-sha384-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf index 5d1c35cc2..0fbefa3fc 100644 --- a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf index 5d1c35cc2..729db4526 100644 --- a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf index de6bda2d1..b8817fe13 100644 --- a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf index 5d1c35cc2..0fbefa3fc 100644 --- a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf index 5d1c35cc2..729db4526 100644 --- a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf index de6bda2d1..b8817fe13 100644 --- a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt index 9fe03b010..40cc82128 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-modp2048</b> or alternatively -<b>esp=aes128ccm96-modp2048</b> in ipsec.conf. +<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-curve25519</b> or alternatively +<b>esp=aes128ccm96-curve25519</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf index 1cef8f8c5..35b96c1a4 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp2048! - esp=aes128ccm96-modp2048! + ike=aes128-sha256-curve25519! + esp=aes128ccm96-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf index f295f159a..9692b64f7 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf index 72163aeec..40251f7d9 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp2048! - esp=aes128ccm12-modp2048! + ike=aes128-sha256-curve25519! + esp=aes128ccm12-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf index f295f159a..cbfd676a4 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt index fbcc48022..5858267b3 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt @@ -1,3 +1,3 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CTR_256 / AES_XCBC_96</b> by defining <b>esp=aes256ctr-aesxcbc-modp2048</b> in ipsec.conf. +<b>AES_CTR_256 / AES_XCBC_96</b> by defining <b>esp=aes256ctr-aesxcbc-curve25519</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf index 08ff7dab2..ac835d07d 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256ctr-aesxcbc-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256ctr-aesxcbc-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf index cae7e00ca..913afb404 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf index f712ed86d..5c7bbf863 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256ctr-aesxcbc-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256ctr-aesxcbc-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf index cae7e00ca..8cbe58f19 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt index bd9521e0d..f112af6ef 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-modp2048</b> or alternatively -<b>esp=aes256gcm128-modp2048</b> in ipsec.conf. +<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-curve25519</b> or alternatively +<b>esp=aes256gcm128-curve25519</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf index 125ce919e..6dddc28cf 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256gcm128-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256gcm128-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf index e396bb199..1d1cd4e93 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf index b5821cd07..d98aaeafe 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256gcm16-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256gcm16-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf index e396bb199..369c2946f 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt index 823ec253d..0d5eb1015 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only -ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b> +ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-curve25519!</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index 5ad63657b..c6d77ca68 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-sha256-curve25519! + esp=aes256gmac-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index fba69aba3..f42aad256 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-sha256-curve25519! + esp=aes256gmac-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf index 94eb96f38..a653bcd77 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! + ike=aes256-sha256-curve25519! esp=aes256-aesxcbc! conn home diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf index f585edfca..c5200b071 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf index dbc468571..3e37c3cf0 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! + ike=aes256-sha256-curve25519! esp=aes256-aesxcbc! conn rw diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf index f585edfca..e0561f3ff 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat index d9888a15d..b80e9f781 100644 --- a/testing/tests/ikev1/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat @@ -3,9 +3,9 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 176::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 176::YES diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf index cd93d795f..d43629158 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-curve25519! + esp=null-sha256! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf index 2e9b8de65..c17c5815e 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-curve25519! + esp=null-sha256! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf index 7d97dd229..c22405914 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown plugins { attr-sql { diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-ah/description.txt b/testing/tests/ikev1/net2net-ah/description.txt index 7ced7a551..fbe4a777d 100644 --- a/testing/tests/ikev1/net2net-ah/description.txt +++ b/testing/tests/ikev1/net2net-ah/description.txt @@ -1,8 +1,8 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up using the IKEv1 protocol. -With <b>ah=md5,sha1</b> gateway <b>moon</b> proposes the use of an -<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection -with its <b>ah=sha1!</b> configuration. +With <b>ah=sha1,sha256!</b> gateway <b>moon</b> proposes the use of <b>AH</b>. +Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its +<b>ah=sha256!</b> configuration. <p/> Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev1/net2net-ah/evaltest.dat b/testing/tests/ikev1/net2net-ah/evaltest.dat index d13369f05..34a1cde9a 100644 --- a/testing/tests/ikev1/net2net-ah/evaltest.dat +++ b/testing/tests/ikev1/net2net-ah/evaltest.dat @@ -1,5 +1,5 @@ -sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_MD5_96/NO_EXT_SEQ, AH:HMAC_SHA1_96/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/NO_EXT_SEQ, AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES @@ -7,5 +7,5 @@ sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES -moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES -sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES +moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES +sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf index d062dfe57..d6e251dba 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev1 - ike=aes128-sha1-modp1536! - ah=md5,sha1 + ike=aes128-sha256-modp3072! + ah=sha1,sha256! conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf index c374adfc4..7c0490d59 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev1 - ike=aes128-sha1-modp1536! - ah=sha1! + ike=aes128-sha256-modp3072! + ah=sha256! conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/net2net-esn/description.txt b/testing/tests/ikev1/net2net-esn/description.txt index 13bb62b1d..6318c55c6 100644 --- a/testing/tests/ikev1/net2net-esn/description.txt +++ b/testing/tests/ikev1/net2net-esn/description.txt @@ -1,6 +1,6 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. -With <b>esp=aes128-sha1-esn!</b> gateway <b>moon</b> proposes the use of -<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha1-esn-noesn!</b>, +With <b>esp=aes128-sha256-esn!</b> gateway <b>moon</b> proposes the use of +<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha256-esn-noesn!</b>, accepting proposals with and without ESN. <p/> Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind diff --git a/testing/tests/ikev1/net2net-esn/evaltest.dat b/testing/tests/ikev1/net2net-esn/evaltest.dat index d8d7cb446..8fa6893fd 100644 --- a/testing/tests/ikev1/net2net-esn/evaltest.dat +++ b/testing/tests/ikev1/net2net-esn/evaltest.dat @@ -1,6 +1,6 @@ -sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES -sun:: cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES @@ -12,6 +12,6 @@ moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES -moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES -sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf index 892907200..4fcff4a89 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn! conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf index 666e32def..2e81bfd04 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn-noesn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn-noesn! conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf index e66301482..14cd6e43c 100644 --- a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf @@ -1,8 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf index e66301482..14cd6e43c 100644 --- a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf @@ -1,8 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 3925d92a4..38df6a919 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index fafe267a6..7a578d242 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf index 248642530..955514391 100644 --- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf index 248642530..955514391 100644 --- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf index 33c50d171..af5fa19ef 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf index 33c50d171..93f434598 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf index 33c50d171..93f434598 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf index c43d34ae9..5df879c6b 100644 --- a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf @@ -1,8 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default unity - + load = random nonce aes sha1 sha2 md5 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default unity cisco_unity = yes - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf index cb696bd3a..b925166b9 100644 --- a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf @@ -1,10 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity - + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default attr unity cisco_unity = yes - dh_exponent_ansi_x9_42 = no plugins { attr { diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf index 86827b23b..7e579273b 100644 --- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - dh_exponent_ansi_x9_42 = no integrity_test = yes crypto_test { diff --git a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf index 86827b23b..7e579273b 100644 --- a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - dh_exponent_ansi_x9_42 = no integrity_test = yes crypto_test { diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf index 86827b23b..7e579273b 100644 --- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - dh_exponent_ansi_x9_42 = no integrity_test = yes crypto_test { diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf index 73b0885d0..ff775e5f9 100644 --- a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown initiator_only = yes } diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf index 094e0effa..c58fdbcd7 100644 --- a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf index 094e0effa..c58fdbcd7 100644 --- a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf index 708a71c7e..bcafd86ba 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown i_dont_care_about_security_and_use_aggressive_mode_psk = yes } diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf index c08fab86e..d6dcd99d0 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf index 66054d0f9..d6dcd99d0 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf index 02e7618d3..4f0b4be87 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic attr kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic attr kernel-netlink socket-default stroke updown dns1 = 192.168.0.150 dns2 = 10.1.0.20 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf index f65197bef..73a4271bd 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf index f65197bef..73a4271bd 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf index f65197bef..73a4271bd 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf index 09b9264ae..41fa522c8 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -1,9 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-md5 xauth-eap updown plugins { eap-radius { diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf index a6e1ba46b..2f8caca10 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf @@ -1,9 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown plugins { eap-radius { diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } |