diff options
Diffstat (limited to 'testing/tests/ikev1/esp-alg-strict-fail')
4 files changed, 8 insertions, 8 deletions
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/description.txt b/testing/tests/ikev1/esp-alg-strict-fail/description.txt index 03c655480..252080e80 100644 --- a/testing/tests/ikev1/esp-alg-strict-fail/description.txt +++ b/testing/tests/ikev1/esp-alg-strict-fail/description.txt @@ -1,5 +1,5 @@ -The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication +The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines -<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer, +<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer, leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces -<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail. +<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail. diff --git a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat index 6f2024ff9..83d99bea1 100644 --- a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat @@ -1,9 +1,9 @@ carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::YES -carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES +carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::YES -moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES +moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES moon::ipsec status::rw.*STATE_QUICK_R2.*ISAKMP SA established::NO -moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES +moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES moon::cat /var/log/auth.log::no acceptable Proposal in IPsec SA::YES diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf index f61cfc6bb..21997940b 100755 --- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=3des-sha + ike=3des-sha1 esp=3des-sha1 conn home diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf index 5bf53b8bc..14f58ccc3 100755 --- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha + ike=aes128-sha1 esp=aes128-sha1! conn rw |