diff options
Diffstat (limited to 'testing/tests/ikev1/esp-alg-strict')
4 files changed, 12 insertions, 12 deletions
diff --git a/testing/tests/ikev1/esp-alg-strict/description.txt b/testing/tests/ikev1/esp-alg-strict/description.txt index b4fc08253..149a1e013 100644 --- a/testing/tests/ikev1/esp-alg-strict/description.txt +++ b/testing/tests/ikev1/esp-alg-strict/description.txt @@ -1,7 +1,7 @@ -Roadwarrior <b>carol</b> proposes <b>3DES</b> encryption (together with -SHA-1 authentication) in the first place and <b>AES-128</b> encryption in +Roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption (together with +HMAC_SHA1 authentication) in the first place and <b>AES_CBC_128</b> encryption in second place for both the ISAKMP and IPsec SAs. Gateway <b>moon</b> defines -<b>ike=aes-128-sha</b> but will accept any other supported algorithm proposed +<b>ike=aes128-sha1</b> but will accept any other supported algorithm proposed by the peer during Phase 1. But for ESP encryption <b>moon</b> enforces -<b>esp=aes-128-sha1!</b> by applying the strict flag '!'. +<b>esp=aes128-sha1!</b> by applying the strict flag '!'. diff --git a/testing/tests/ikev1/esp-alg-strict/evaltest.dat b/testing/tests/ikev1/esp-alg-strict/evaltest.dat index d5dd12d4e..912a8d830 100644 --- a/testing/tests/ikev1/esp-alg-strict/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-strict/evaltest.dat @@ -1,7 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES -moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES -moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES -carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES -carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES +moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES +moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES +moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES +carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES +carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf index 0ae6b0693..7e2de30cd 100755 --- a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=3des-sha,aes-128-sha - esp=3des-sha1,aes-128-sha1 + ike=3des-sha,aes128-sha1 + esp=3des-sha1,aes128-sha1 conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf index 5bf53b8bc..14f58ccc3 100755 --- a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha + ike=aes128-sha1 esp=aes128-sha1! conn rw |