summaryrefslogtreecommitdiff
path: root/testing/tests/swanctl/rw-psk-ikev1
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/swanctl/rw-psk-ikev1')
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/evaltest.dat8
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf4
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf8
7 files changed, 18 insertions, 18 deletions
diff --git a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
index 097489da5..3eacc397d 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
@@ -4,10 +4,10 @@ alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE25519.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32]
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
index 8c0f03f0a..e539ea5f4 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = random openssl
}
charon {
- load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
index dcfcd0b4e..35fbfdac8 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
remote_ts = 10.1.0.0/28
updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp2048
+ esp_proposals = aes128gcm128-x25519
}
}
version = 1
- proposals = aes128-sha256-modp2048
+ proposals = aes128-sha256-x25519
}
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
index df1424dde..02f6c1b36 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = random openssl
}
charon {
- load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
index 8cd79ea20..cc6e93652 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
remote_ts = 10.1.0.17-10.1.0.20
updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes192gcm128-modp3072
+ esp_proposals = aes192gcm128-modp4096
}
}
version = 1
- proposals = aes192-sha384-modp3072
+ proposals = aes192-sha384-modp4096
}
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
index 5f2190192..c42979965 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = random openssl
}
charon {
- load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
index be1bf8afe..cd9c45504 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
local_ts = 10.1.0.0/28
updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp2048
+ esp_proposals = aes128gcm128-x25519
}
}
version = 1
- proposals = aes128-sha256-modp2048
+ proposals = aes128-sha256-x25519
}
rw-2 {
@@ -37,11 +37,11 @@ connections {
local_ts = 10.1.0.17-10.1.0.20
updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes192gcm128-modp3072
+ esp_proposals = aes192gcm128-modp4096
}
}
version = 1
- proposals = aes192-sha384-modp3072
+ proposals = aes192-sha384-modp4096
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-25 08:24:48 +0000