summaryrefslogtreecommitdiff
path: root/testing/tests/ikev1/net2net-ah
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/ikev1/net2net-ah')
-rw-r--r--testing/tests/ikev1/net2net-ah/description.txt6
-rw-r--r--testing/tests/ikev1/net2net-ah/evaltest.dat8
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf4
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf4
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf2
6 files changed, 13 insertions, 13 deletions
diff --git a/testing/tests/ikev1/net2net-ah/description.txt b/testing/tests/ikev1/net2net-ah/description.txt
index 7ced7a551..fbe4a777d 100644
--- a/testing/tests/ikev1/net2net-ah/description.txt
+++ b/testing/tests/ikev1/net2net-ah/description.txt
@@ -1,8 +1,8 @@
A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b>
is set up using the IKEv1 protocol.
-With <b>ah=md5,sha1</b> gateway <b>moon</b> proposes the use of an
-<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection
-with its <b>ah=sha1!</b> configuration.
+With <b>ah=sha1,sha256!</b> gateway <b>moon</b> proposes the use of <b>AH</b>.
+Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its
+<b>ah=sha256!</b> configuration.
<p/>
Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind
gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/net2net-ah/evaltest.dat b/testing/tests/ikev1/net2net-ah/evaltest.dat
index d13369f05..34a1cde9a 100644
--- a/testing/tests/ikev1/net2net-ah/evaltest.dat
+++ b/testing/tests/ikev1/net2net-ah/evaltest.dat
@@ -1,5 +1,5 @@
-sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_MD5_96/NO_EXT_SEQ, AH:HMAC_SHA1_96/NO_EXT_SEQ::YES
-sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/NO_EXT_SEQ, AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES
moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
@@ -7,5 +7,5 @@ sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
-moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
-sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
+moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES
+sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
index d062dfe57..d6e251dba 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -5,8 +5,8 @@ config setup
conn %default
keyexchange=ikev1
- ike=aes128-sha1-modp1536!
- ah=md5,sha1
+ ike=aes128-sha256-modp3072!
+ ah=sha1,sha256!
conn net-net
left=PH_IP_MOON
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
index ddba8b199..02ae5affa 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
index c374adfc4..7c0490d59 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -5,8 +5,8 @@ config setup
conn %default
keyexchange=ikev1
- ike=aes128-sha1-modp1536!
- ah=sha1!
+ ike=aes128-sha256-modp3072!
+ ah=sha256!
conn net-net
left=PH_IP_SUN
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
index ddba8b199..02ae5affa 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-15 13:55:44 +0000