diff options
Diffstat (limited to 'testing/tests/ikev1/ike-alg-strict')
4 files changed, 12 insertions, 12 deletions
diff --git a/testing/tests/ikev1/ike-alg-strict/description.txt b/testing/tests/ikev1/ike-alg-strict/description.txt index 35d266e20..af93b95c3 100644 --- a/testing/tests/ikev1/ike-alg-strict/description.txt +++ b/testing/tests/ikev1/ike-alg-strict/description.txt @@ -1,5 +1,5 @@ -The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with <b>SHA-1</b> authentication in the first place -and <b>AES-128</b> encryption with <b>SHA-1</b> authentication in the second place for both the ISAKMP and IPsec SA. -The gateway <b>moon</b> enforces <b>ike=aes-128-sha!</b> for Phase 1 by using the strict flag '!', +The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with <b>HMAC_SHA1</b> authentication in the first place +and <b>AES_CBC_128</b> encryption with <b>HMAC_SHA1</b> authentication in the second place for both the ISAKMP and IPsec SA. +The gateway <b>moon</b> enforces <b>ike=aes128-sha!</b> for Phase 1 by using the strict flag '!', but will accept any other supported algorithm proposed by the peer for Phase 2 , even though <b>moon</b> -defines itself <b>esp=aes-128-sha1</b> only. +defines itself <b>esp=aes128-sha1</b> only. diff --git a/testing/tests/ikev1/ike-alg-strict/evaltest.dat b/testing/tests/ikev1/ike-alg-strict/evaltest.dat index 46140be8a..8acd0d039 100644 --- a/testing/tests/ikev1/ike-alg-strict/evaltest.dat +++ b/testing/tests/ikev1/ike-alg-strict/evaltest.dat @@ -1,7 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES -moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES -moon::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES -carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES -carol::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES +moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES +moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1::YES +moon::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES +carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA::YES +carol::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf index b8e2257c4..9272bdc7f 100755 --- a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=3des-sha,aes-128-sha - esp=3des-sha1,aes-128-sha1 + ike=3des-sha1,aes128-sha1 + esp=3des-sha1,aes128-sha1 conn home left=PH_IP_CAROL leftcert=carolCert.pem diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf index 42e5f8404..1ea5fe7a5 100755 --- a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha! + ike=aes128-sha1! esp=aes128-sha1 conn rw |