diff options
Diffstat (limited to 'testing')
963 files changed, 7283 insertions, 1477 deletions
diff --git a/testing/Makefile.in b/testing/Makefile.in index 58fd2eb06..495fbebb9 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -274,7 +274,6 @@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ -h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -309,6 +308,7 @@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ +p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ diff --git a/testing/config/kernel/config-4.10 b/testing/config/kernel/config-4.10 new file mode 100644 index 000000000..1795dfd46 --- /dev/null +++ b/testing/config/kernel/config-4.10 @@ -0,0 +1,2524 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.10.0 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DEBUG_RODATA=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_FHANDLE=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_NMI_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_POSIX_TIMERS=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# CONFIG_CPU_NO_EFFICIENT_FFS is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set +# CONFIG_BLK_WBT is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_BLK_MQ_PCI=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_INTEL_RDT_A is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_ZONE_DEVICE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI host controller drivers +# +# CONFIG_PCIE_DW_PLAT is not set +# CONFIG_VMD is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +# CONFIG_IPV6_FOU is not set +# CONFIG_IPV6_FOU_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_IPMAC is not set +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_STREAM_PARSER is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +CONFIG_MACSEC=y +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_AMD_XGBE is not set +# CONFIG_AMD_XGBE_HAVE_ECC is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP_NETVF is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio CoProcessor) Configuration +# + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MAYFLASH is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_MLX_CPLD_PLATFORM is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# + +# +# Broadcom SoC drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set +# CONFIG_EFI_DEV_PATH_PARSER is not set + +# +# Tegra firmware driver +# + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_STACK_VALIDATION is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +CONFIG_CRYPTO_ACOMP2=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256_MB=y +CONFIG_CRYPTO_SHA512_MB=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +# CONFIG_SG_SPLIT is not set +# CONFIG_SG_POOL is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y +CONFIG_SBITMAP=y diff --git a/testing/config/kernel/config-4.9 b/testing/config/kernel/config-4.9 new file mode 100644 index 000000000..95a5f8c8f --- /dev/null +++ b/testing/config/kernel/config-4.9 @@ -0,0 +1,2502 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.9.0 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DEBUG_RODATA=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_BROKEN_ON_SMP=y +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +CONFIG_CROSS_MEMORY_ATTACH=y +CONFIG_FHANDLE=y +CONFIG_USELIB=y +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TINY_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +# CONFIG_RCU_STALL_COMMON is not set +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_LOG_BUF_SHIFT=14 +CONFIG_NMI_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_SUPPORTS_INT128=y +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_SWAP_ENABLED=y +CONFIG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set +# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_NAMESPACES=y +# CONFIG_UTS_NS is not set +# CONFIG_IPC_NS is not set +# CONFIG_USER_NS is not set +# CONFIG_PID_NS is not set +# CONFIG_NET_NS is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +# CONFIG_BLK_DEV_INITRD is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_SYSCTL=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +# CONFIG_SYSCTL_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_ADVISE_SYSCALLS=y +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +CONFIG_MEMBARRIER=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_COMPAT_BRK=y +CONFIG_SLAB=y +# CONFIG_SLUB is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_JUMP_LABEL is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +CONFIG_CC_STACKPROTECTOR_REGULAR=y +# CONFIG_CC_STACKPROTECTOR_STRONG is not set +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# CONFIG_CPU_NO_EFFICIENT_FFS is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_SLABINFO=y +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +# CONFIG_MODULES is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +# CONFIG_BLK_DEV_BSG is not set +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_BLK_MQ_PCI=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +CONFIG_IOSCHED_DEADLINE=y +CONFIG_IOSCHED_CFQ=y +# CONFIG_CFQ_GROUP_IOSCHED is not set +# CONFIG_DEFAULT_DEADLINE is not set +CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_NOOP is not set +CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_FREEZER=y + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +# CONFIG_SMP is not set +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +CONFIG_MCORE2=y +# CONFIG_MATOM is not set +# CONFIG_GENERIC_CPU is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_INTEL_USERCOPY=y +CONFIG_X86_USE_PPRO_CHECKSUM=y +CONFIG_X86_P6_NOP=y +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +CONFIG_NR_CPUS=1 +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +CONFIG_UP_LATE_INIT=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +# CONFIG_MICROCODE_AMD is not set +CONFIG_MICROCODE_OLD_INTERFACE=y +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +# CONFIG_COMPACTION is not set +CONFIG_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_BOUNCE=y +CONFIG_VIRT_TO_BUS=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_KM=y +# CONFIG_CLEANCACHE is not set +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +# CONFIG_ZONE_DEVICE is not set +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +# CONFIG_X86_INTEL_MPX is not set +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +# CONFIG_EFI is not set +CONFIG_SECCOMP=y +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +# CONFIG_RANDOMIZE_BASE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y + +# +# Power management and ACPI options +# +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_HIBERNATION is not set +CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SLEEP=y +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +# CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +# CONFIG_ACPI_HOTPLUG_MEMORY is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +CONFIG_HT_IRQ=y +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI host controller drivers +# +# CONFIG_PCIE_DW_PLAT is not set +# CONFIG_VMD is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +CONFIG_COREDUMP=y +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +# CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_IPCOMP=y +CONFIG_NET_KEY=y +CONFIG_NET_KEY_MIGRATE=y +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +CONFIG_NET_UDP_TUNNEL=y +# CONFIG_NET_FOU is not set +CONFIG_INET_AH=y +CONFIG_INET_ESP=y +CONFIG_INET_IPCOMP=y +CONFIG_INET_XFRM_TUNNEL=y +CONFIG_INET_TUNNEL=y +CONFIG_INET_XFRM_MODE_TRANSPORT=y +CONFIG_INET_XFRM_MODE_TUNNEL=y +CONFIG_INET_XFRM_MODE_BEET=y +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +# CONFIG_INET_UDP_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=y +CONFIG_INET6_TUNNEL=y +CONFIG_INET6_XFRM_MODE_TRANSPORT=y +CONFIG_INET6_XFRM_MODE_TUNNEL=y +CONFIG_INET6_XFRM_MODE_BEET=y +# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +CONFIG_IPV6_TUNNEL=y +# CONFIG_IPV6_FOU is not set +# CONFIG_IPV6_FOU_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +# CONFIG_IPV6_MROUTE is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NET_PTP_CLASSIFY is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_DEBUG is not set +CONFIG_NETFILTER_ADVANCED=y + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +# CONFIG_NETFILTER_NETLINK_ACCT is not set +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_COMMON=y +CONFIG_NF_CONNTRACK_MARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +# CONFIG_NF_CONNTRACK_TIMEOUT is not set +# CONFIG_NF_CONNTRACK_TIMESTAMP is not set +# CONFIG_NF_CT_PROTO_DCCP is not set +# CONFIG_NF_CT_PROTO_SCTP is not set +CONFIG_NF_CT_PROTO_UDPLITE=y +# CONFIG_NF_CONNTRACK_AMANDA is not set +# CONFIG_NF_CONNTRACK_FTP is not set +# CONFIG_NF_CONNTRACK_H323 is not set +# CONFIG_NF_CONNTRACK_IRC is not set +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +# CONFIG_NF_CONNTRACK_SNMP is not set +# CONFIG_NF_CONNTRACK_PPTP is not set +CONFIG_NF_CONNTRACK_SANE=y +# CONFIG_NF_CONNTRACK_SIP is not set +# CONFIG_NF_CONNTRACK_TFTP is not set +CONFIG_NF_CT_NETLINK=y +# CONFIG_NF_CT_NETLINK_TIMEOUT is not set +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_UDPLITE=y +# CONFIG_NF_NAT_AMANDA is not set +# CONFIG_NF_NAT_FTP is not set +# CONFIG_NF_NAT_IRC is not set +# CONFIG_NF_NAT_SIP is not set +# CONFIG_NF_NAT_TFTP is not set +CONFIG_NF_NAT_REDIRECT=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +# CONFIG_NETFILTER_XT_TARGET_HMARK is not set +# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_NOTRACK=y +# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +# CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +# CONFIG_NETFILTER_XT_MATCH_BPF is not set +# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +# CONFIG_NETFILTER_XT_MATCH_CPU is not set +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set +# CONFIG_NETFILTER_XT_MATCH_OSF is not set +# CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set +CONFIG_NETFILTER_XT_MATCH_REALM=y +# CONFIG_NETFILTER_XT_MATCH_RECENT is not set +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +# CONFIG_NETFILTER_XT_MATCH_TIME is not set +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +# CONFIG_IP_SET_HASH_IPMARK is not set +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_MAC is not set +# CONFIG_IP_SET_HASH_NETPORTNET is not set +CONFIG_IP_SET_HASH_NET=y +# CONFIG_IP_SET_HASH_NETNET is not set +CONFIG_IP_SET_HASH_NETPORT=y +# CONFIG_IP_SET_HASH_NETIFACE is not set +CONFIG_IP_SET_LIST_SET=y +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_CONNTRACK_IPV4=y +# CONFIG_NF_DUP_IPV4 is not set +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV4=y +# CONFIG_NF_NAT_PPTP is not set +# CONFIG_NF_NAT_H323 is not set +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +# CONFIG_IP_NF_MATCH_RPFILTER is not set +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK_IPV6=y +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=y +CONFIG_NF_NAT_IPV6=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +# CONFIG_IP6_NF_MATCH_RPFILTER is not set +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +# CONFIG_IP6_NF_NAT is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +CONFIG_L2TP=y +# CONFIG_L2TP_V3 is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_STREAM_PARSER is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +# CONFIG_CFG80211 is not set +# CONFIG_LIB80211 is not set + +# +# CFG80211 needs to be enabled for MAC80211 +# +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +# CONFIG_DMA_SHARED_BUFFER is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=y +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# + +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +# CONFIG_SCSI is not set +# CONFIG_SCSI_DMA is not set +# CONFIG_SCSI_NETLINK is not set +# CONFIG_ATA is not set +# CONFIG_MD is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +CONFIG_DUMMY=y +# CONFIG_EQUALIZER is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_GTP is not set +CONFIG_MACSEC=y +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +CONFIG_TUN=y +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_NET_VENDOR_AURORA is not set +CONFIG_NET_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +# CONFIG_TIGON3 is not set +# CONFIG_BNX2X is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_LIQUIDIO is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +# CONFIG_NET_TULIP is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_EXAR=y +# CONFIG_S2IO is not set +# CONFIG_VXGE is not set +CONFIG_NET_VENDOR_HP=y +# CONFIG_HP100 is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +CONFIG_NET_VENDOR_I825XX=y +# CONFIG_JME is not set +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_MVNETA_BM is not set +# CONFIG_SKGE is not set +# CONFIG_SKY2 is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX4_CORE is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP_NETVF is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_NE2K_PCI is not set +CONFIG_NET_VENDOR_NVIDIA=y +# CONFIG_FORCEDETH is not set +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_PACKET_ENGINE=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_QLGE is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +# CONFIG_8139TOO is not set +# CONFIG_R8169 is not set +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +# CONFIG_SFC is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_ALE is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K_PCI is not set +CONFIG_WLAN_VENDOR_ATMEL=y +CONFIG_WLAN_VENDOR_BROADCOM=y +CONFIG_WLAN_VENDOR_CISCO=y +CONFIG_WLAN_VENDOR_INTEL=y +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_PRISM54 is not set +CONFIG_WLAN_VENDOR_MARVELL=y +CONFIG_WLAN_VENDOR_MEDIATEK=y +CONFIG_WLAN_VENDOR_RALINK=y +CONFIG_WLAN_VENDOR_REALTEK=y +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_WLAN_VENDOR_ST=y +CONFIG_WLAN_VENDOR_TI=y +CONFIG_WLAN_VENDOR_ZYDAS=y + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=y +CONFIG_INPUT_MOUSEDEV_PSAUX=y +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +CONFIG_LEGACY_PTYS=y +CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +CONFIG_DEVKMEM=y + +# +# Serial drivers +# +# CONFIG_SERIAL_8250 is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_HVC_DRIVER=y +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +# CONFIG_HW_RANDOM is not set +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +# CONFIG_I2C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +# CONFIG_PPS is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_MAX8903 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_VID is not set +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH56XX_COMMON is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +CONFIG_THERMAL_HWMON=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_MFD_EXYNOS_LPASS is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ACP (Audio CoProcessor) Configuration +# + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# CONFIG_BACKLIGHT_LCD_SUPPORT is not set +# CONFIG_VGASTATE is not set + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_SOUND=y +# CONFIG_SOUND_OSS_CORE is not set +# CONFIG_SND is not set +# CONFIG_SOUND_PRIME is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=y +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CMEDIA is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +CONFIG_HID_PLANTRONICS=y +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_ARCH_HAS_HCD=y +# CONFIG_USB is not set + +# +# USB port drivers +# + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GADGET is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO=y + +# +# Virtio drivers +# +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_BALLOON=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACERHDF is not set +# CONFIG_DELL_SMO8800 is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_HP_WIRELESS is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ACPI_WMI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_PMC_CORE is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_PVPANIC is not set +# CONFIG_INTEL_PMC_IPC is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# CONFIG_AMD_IOMMU is not set +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# + +# +# Broadcom SoC drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# CONFIG_LIBNVDIMM is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +CONFIG_EXT3_FS=y +# CONFIG_EXT3_FS_POSIX_ACL is not set +# CONFIG_EXT3_FS_SECURITY is not set +CONFIG_EXT4_FS=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +CONFIG_REISERFS_FS=y +# CONFIG_REISERFS_CHECK is not set +# CONFIG_REISERFS_PROC_INFO is not set +# CONFIG_REISERFS_FS_XATTR is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +# CONFIG_QUOTA_NETLINK_INTERFACE is not set +CONFIG_PRINT_QUOTA_WARNING=y +# CONFIG_QUOTA_DEBUG is not set +# CONFIG_QFMT_V1 is not set +# CONFIG_QFMT_V2 is not set +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +# CONFIG_MSDOS_FS is not set +# CONFIG_VFAT_FS is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="iso8859-1" +# CONFIG_NLS_CODEPAGE_437 is not set +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +# CONFIG_NLS_ISO8859_1 is not set +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +# CONFIG_NLS_UTF8 is not set + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +# CONFIG_PRINTK_TIME is not set +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_GDB_SCRIPTS is not set +CONFIG_ENABLE_WARN_DEPRECATED=y +CONFIG_ENABLE_MUST_CHECK=y +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_UNUSED_SYMBOLS is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_DEBUG_FS is not set +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +# CONFIG_STACK_VALIDATION is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# CONFIG_MAGIC_SYSRQ is not set +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_DEBUG_SLAB is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_HAVE_ARCH_KASAN=y +# CONFIG_KASAN is not set +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +# CONFIG_LOCKUP_DETECTOR is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_STACKTRACE is not set +# CONFIG_DEBUG_KOBJECT is not set +CONFIG_DEBUG_BUGVERBOSE=y +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_ENABLE_DEFAULT_TRACERS is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_BLK_DEV_IO_TRACE is not set +# CONFIG_UPROBE_EVENT is not set +# CONFIG_PROBE_EVENTS is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set + +# +# Runtime Testing +# +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +CONFIG_DEBUG_RODATA_TEST=y +# CONFIG_DEBUG_WX is not set +CONFIG_DOUBLEFAULT=y +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=0 +# CONFIG_CPA_DEBUG is not set +# CONFIG_OPTIMIZE_INLINING is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +# CONFIG_SECURITYFS is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y +# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_DH=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=y + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=y +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_POLY1305=y +CONFIG_CRYPTO_POLY1305_X86_64=y +CONFIG_CRYPTO_MD4=y +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_RMD128=y +CONFIG_CRYPTO_RMD160=y +CONFIG_CRYPTO_RMD256=y +CONFIG_CRYPTO_RMD320=y +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SHA1_MB is not set +CONFIG_CRYPTO_SHA256_MB=y +CONFIG_CRYPTO_SHA512_MB=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_TGR192=y +CONFIG_CRYPTO_WP512=y +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=y +CONFIG_CRYPTO_ARC4=y +CONFIG_CRYPTO_BLOWFISH=y +CONFIG_CRYPTO_BLOWFISH_COMMON=y +CONFIG_CRYPTO_BLOWFISH_X86_64=y +CONFIG_CRYPTO_CAMELLIA=y +CONFIG_CRYPTO_CAMELLIA_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y +CONFIG_CRYPTO_CAST_COMMON=y +CONFIG_CRYPTO_CAST5=y +CONFIG_CRYPTO_CAST5_AVX_X86_64=y +CONFIG_CRYPTO_CAST6=y +CONFIG_CRYPTO_CAST6_AVX_X86_64=y +CONFIG_CRYPTO_DES=y +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +CONFIG_CRYPTO_FCRYPT=y +CONFIG_CRYPTO_KHAZAD=y +CONFIG_CRYPTO_SALSA20=y +CONFIG_CRYPTO_SALSA20_X86_64=y +CONFIG_CRYPTO_CHACHA20=y +CONFIG_CRYPTO_CHACHA20_X86_64=y +CONFIG_CRYPTO_SEED=y +CONFIG_CRYPTO_SERPENT=y +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX_X86_64=y +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y +CONFIG_CRYPTO_TEA=y +CONFIG_CRYPTO_TWOFISH=y +CONFIG_CRYPTO_TWOFISH_COMMON=y +CONFIG_CRYPTO_TWOFISH_X86_64=y +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=y +CONFIG_CRYPTO_LZ4=y +CONFIG_CRYPTO_LZ4HC=y + +# +# Random Number Generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +# CONFIG_CRYPTO_USER_API_RNG is not set +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +CONFIG_VIRTUALIZATION=y +# CONFIG_KVM is not set +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=y +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=y +CONFIG_842_DECOMPRESS=y +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=y +CONFIG_LZ4HC_COMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +# CONFIG_XZ_DEC is not set +# CONFIG_XZ_DEC_BCJ is not set +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DQL=y +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_CORDIC is not set +# CONFIG_DDR is not set +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +# CONFIG_SG_SPLIT is not set +# CONFIG_SG_POOL is not set +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y +CONFIG_SBITMAP=y diff --git a/testing/do-tests b/testing/do-tests index fd5cfe61b..60c34c798 100755 --- a/testing/do-tests +++ b/testing/do-tests @@ -298,63 +298,6 @@ do touch $CONSOLE_LOG TESTDIR=$TESTSDIR/${testname} - rm -rf $TESTDIR - mkdir -p $TESTDIR - cp -rfp $DEFAULTTESTSDIR/${testname}/* $TESTDIR - - - ############################################################################## - # replace IP wildcards with actual IPv4 and IPv6 addresses - # - - for host in $STRONGSWANHOSTS - do - case $host in - moon) - searchandreplace PH_IP_MOON1 $ipv4_moon1 $TESTDIR - searchandreplace PH_IP_MOON $ipv4_moon $TESTDIR - searchandreplace PH_IP6_MOON1 $ipv6_moon1 $TESTDIR - searchandreplace PH_IP6_MOON $ipv6_moon $TESTDIR - ;; - sun) - searchandreplace PH_IP_SUN1 $ipv4_sun1 $TESTDIR - searchandreplace PH_IP_SUN $ipv4_sun $TESTDIR - searchandreplace PH_IP6_SUN1 $ipv6_sun1 $TESTDIR - searchandreplace PH_IP6_SUN $ipv6_sun $TESTDIR - ;; - alice) - searchandreplace PH_IP_ALICE1 $ipv4_alice1 $TESTDIR - searchandreplace PH_IP_ALICE $ipv4_alice $TESTDIR - searchandreplace PH_IP6_ALICE1 $ipv6_alice1 $TESTDIR - searchandreplace PH_IP6_ALICE $ipv6_alice $TESTDIR - ;; - venus) - searchandreplace PH_IP_VENUS $ipv4_venus $TESTDIR - searchandreplace PH_IP6_VENUS $ipv6_venus $TESTDIR - ;; - bob) - searchandreplace PH_IP_BOB $ipv4_bob $TESTDIR - searchandreplace PH_IPV6_BOB $ipv6_bob $TESTDIR - ;; - carol) - searchandreplace PH_IP_CAROL1 $ipv4_carol1 $TESTDIR - searchandreplace PH_IP_CAROL $ipv4_carol $TESTDIR - searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $TESTDIR - searchandreplace PH_IP6_CAROL $ipv6_carol $TESTDIR - ;; - dave) - searchandreplace PH_IP_DAVE1 $ipv4_dave1 $TESTDIR - searchandreplace PH_IP_DAVE $ipv4_dave $TESTDIR - searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $TESTDIR - searchandreplace PH_IP6_DAVE $ipv6_dave $TESTDIR - ;; - winnetou) - searchandreplace PH_IP_WINNETOU $ipv4_winnetou $TESTDIR - searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $TESTDIR - ;; - esac - done - ########################################################################## # copy test specific configurations to hosts and clear log files diff --git a/testing/hosts/default/usr/local/bin/init_tnc b/testing/hosts/default/usr/local/bin/init_tnc new file mode 100755 index 000000000..49084e477 --- /dev/null +++ b/testing/hosts/default/usr/local/bin/init_tnc @@ -0,0 +1,15 @@ +#!/bin/sh + +cd /var/www/tnc + +if [ -f django.db ] +then + exit 0 +fi + +./manage.py migrate --database meta +./manage.py setpassword strongSwan strongSwan +./manage.py collectstatic --noinput + +chmod g+w django.db +exit 0 diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolCert.pem new file mode 100644 index 000000000..132b5d57a --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4jCCAZSgAwIBAgIBAzAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDExWhcNMjExMjA0MjI0MDExWjBbMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh +APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GIMIGFMB8GA1UdIwQY +MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u +Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh +bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAFBgMrZXADQQAC5ukfb9FmxhM5 +ynVSrYUvCfii+zD7SjA+kFabRZ6tgoTWBBUONT31dwLpD0Aqe0z7SWLTXpeVVAl4 +JbhZsPUD +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/daveCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/daveCert.pem new file mode 100644 index 000000000..18f0e088c --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/daveCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz +d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn +86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK +MEj7Dg== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/moonCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/moonCert.pem new file mode 100644 index 000000000..e67b224b6 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/moonCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww +BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX +8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/sunCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/sunCert.pem new file mode 100644 index 000000000..70af02017 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/sunCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn +HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW +gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh +bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0 +cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG +AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq +8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/carolKey.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/carolKey.pem new file mode 100644 index 000000000..5c3e2623d --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/carolKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8 +-----END PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/daveKey.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/daveKey.pem new file mode 100644 index 000000000..bf84ef3dd --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/daveKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX +-----END PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/moonKey.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/moonKey.pem new file mode 100644 index 000000000..491d36430 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/moonKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk +-----END PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/sunKey.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/sunKey.pem new file mode 100644 index 000000000..b83f62c13 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/newkeys/sunKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0 +-----END PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519.crl b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519.crl Binary files differnew file mode 100644 index 000000000..b0320ad25 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519.crl diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Cert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Cert.pem new file mode 100644 index 000000000..9c5a06945 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Cert.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv +OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Key.pem b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Key.pem new file mode 100644 index 000000000..ae82fb9c0 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Key.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIHb+63Ppcfc9m/E9EyoojCDUz6KcUmwTquU7sgpmctz0 +-----END PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index 1a375e051..1c62d643d 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -63,3 +63,6 @@ cp strongswan_bliss.crl ${ROOT} cd /etc/openssl/sha3-rsa pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --digest sha3_256 > strongswan-sha3-rsa.crl cp strongswan-sha3-rsa.crl ${ROOT} +cd /etc/openssl/ed25519 +pki --signcrl --cacert strongswan_ed25519Cert.pem --cakey strongswan_ed25519Key.pem --lifetime 30 > strongswan_ed25519.crl +cp strongswan_ed25519.crl ${ROOT} diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt index 586f9dda3..057333f5b 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt +++ b/testing/hosts/winnetou/etc/openssl/index.txt @@ -36,7 +36,7 @@ R 151119165922Z 151126081658Z,superseded 23 unknown /C=CH/O=Linux strongSwan/OU= R 161015124507Z 161018152707Z,superseded 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org R 161015124759Z 161018152711Z,superseded 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org R 161015125030Z 161018152714Z,superseded 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org -V 170314064200Z 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org +R 170314064200Z 170320204507Z,superseded 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org R 190321135622Z 140322135700Z,CACompromise 28 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 190413204655Z 29 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol@strongswan.org V 190826144245Z 2A unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org @@ -53,3 +53,4 @@ V 190906082453Z 34 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=m V 190905153713Z 35 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org V 190905154104Z 36 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org V 190905154224Z 37 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org +V 190906205244Z 38 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old index 649ad9ff5..8e9729c82 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/index.txt.old @@ -36,7 +36,7 @@ R 151119165922Z 151126081658Z,superseded 23 unknown /C=CH/O=Linux strongSwan/OU= R 161015124507Z 161018152707Z,superseded 24 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org R 161015124759Z 161018152711Z,superseded 25 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org R 161015125030Z 161018152714Z,superseded 26 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org -V 170314064200Z 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org +R 170314064200Z 170320204507Z,superseded 27 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org R 190321135622Z 140322135700Z,CACompromise 28 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 190413204655Z 29 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol@strongswan.org V 190826144245Z 2A unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org @@ -52,3 +52,4 @@ V 190906145531Z 33 unknown /C=CH/O=Linux strongSwan/CN=aaa.strongswan.org V 190906082453Z 34 unknown /C=CH/O=Linux strongSwan/OU=Virtual VPN Gateway/CN=mars.strongswan.org V 190905153713Z 35 unknown /C=CH/O=Linux strongSwan/OU=SHA-224/CN=moon.strongswan.org V 190905154104Z 36 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org +V 190905154224Z 37 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/38.pem b/testing/hosts/winnetou/etc/openssl/newcerts/38.pem new file mode 100644 index 000000000..d1e85db8a --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/38.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE3MDMyMDIwNTI0NFoXDTE5MDkwNjIwNTI0NFowVjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax +HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu +8qaOjRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS +6ngwOEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5 +WRqVVDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbR +wjx2afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj +2uStn7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFJCYo8BXG9mSEkp2ag3HiT74 +TT+4MG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry +b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry +b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCo +tFCDUTmBfPjeaDQVCv7uBausS0sZCw+Pw7zypqo3vyRm0R2Ds2eymfVI4/Zc1NwW +hYCy9D1f1r2gukI2jDWHdDwNMQPptyx0Kxr98SIlm9ms8jGT7GZ5l0SdkGe5GDMO +vq7FscqQZX/KkdFk3ye/ONffFS/ukjVRHu8971BNODcRbG0OBhEI2TQsIyxf/iir +taI23m8b9dclikqZx3FqoxfTHSN5T5KHntpH7KVIS00hrlavxkLLMn5oePRnkBWu +feSmpfbOBbnEpElLtJM5K8AjArGOx8nxrtw/KNjMiOsyfCim1r0ff1tnZGtHhHCq +ZCZKA5DsRXZVWasv1CIz +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial index e522732c7..a2720097d 100644 --- a/testing/hosts/winnetou/etc/openssl/serial +++ b/testing/hosts/winnetou/etc/openssl/serial @@ -1 +1 @@ -38 +39 diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old index 81b5c5d06..e522732c7 100644 --- a/testing/hosts/winnetou/etc/openssl/serial.old +++ b/testing/hosts/winnetou/etc/openssl/serial.old @@ -1 +1 @@ -37 +38 diff --git a/testing/hosts/winnetou/etc/strongswan.conf b/testing/hosts/winnetou/etc/strongswan.conf index dfb9dbc5b..a69df79ab 100644 --- a/testing/hosts/winnetou/etc/strongswan.conf +++ b/testing/hosts/winnetou/etc/strongswan.conf @@ -1,5 +1,5 @@ # strongswan.conf - strongSwan configuration file pki { - load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509 + load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509 } diff --git a/testing/scripts/build-guestkernel b/testing/scripts/build-guestkernel index a10fb83d2..c8f0178ef 100755 --- a/testing/scripts/build-guestkernel +++ b/testing/scripts/build-guestkernel @@ -14,7 +14,7 @@ cd $BUILDDIR if [ ! -f "$KERNELTARBALL" ] then - url=ftp://ftp.kernel.org/pub/linux/kernel/v${KERNELVERSION:0:1}.x/$KERNELTARBALL + url=https://cdn.kernel.org/pub/linux/kernel/v${KERNELVERSION:0:1}.x/$KERNELTARBALL log_action "Downloading $url" execute "wget -q $url" fi diff --git a/testing/scripts/load-testconfig b/testing/scripts/load-testconfig index 5f35c129e..a1a0f987d 100755 --- a/testing/scripts/load-testconfig +++ b/testing/scripts/load-testconfig @@ -25,24 +25,123 @@ SSHCONF="-F $DIR/../ssh_config" testname=$1 +DEFAULTTESTSDIR=$DIR/../tests + +[ -d $DEFAULTTESTSDIR ] || die "Directory 'tests' not found" +[ -d $DEFAULTTESTSDIR/$testname ] || die "Test '$testname' not found" +[ -f $DEFAULTTESTSDIR/$testname/test.conf ] || die "File 'test.conf' is missing" + TESTSDIR=$BUILDDIR/tests +[ -d $TESTSDIR ] || mkdir $TESTSDIR + +TESTDIR=$TESTSDIR/${testname} +rm -rf $TESTDIR +mkdir -p $TESTDIR +cp -rfp $DEFAULTTESTSDIR/${testname}/* $TESTDIR + +############################################################################## +# assign IP for each host to hostname +# + +for host in $STRONGSWANHOSTS +do + eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" + eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" -[ -d $TESTSDIR ] || die "Directory '$TESTSDIR' not found" -[ -d $TESTSDIR/$testname ] || die "Test '$testname' not found" -[ -f $TESTSDIR/$testname/test.conf ] || die "File 'test.conf' is missing" + case $host in + moon) + eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + sun) + eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + alice) + eval ipv4_alice1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_alice1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + venus) + ;; + bob) + ;; + carol) + eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + dave) + eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`" + ;; + winnetou) + ;; + esac +done + +############################################################################## +# replace IP wildcards with actual IPv4 and IPv6 addresses +# + +for host in $STRONGSWANHOSTS +do + case $host in + moon) + searchandreplace PH_IP_MOON1 $ipv4_moon1 $TESTDIR + searchandreplace PH_IP_MOON $ipv4_moon $TESTDIR + searchandreplace PH_IP6_MOON1 $ipv6_moon1 $TESTDIR + searchandreplace PH_IP6_MOON $ipv6_moon $TESTDIR + ;; + sun) + searchandreplace PH_IP_SUN1 $ipv4_sun1 $TESTDIR + searchandreplace PH_IP_SUN $ipv4_sun $TESTDIR + searchandreplace PH_IP6_SUN1 $ipv6_sun1 $TESTDIR + searchandreplace PH_IP6_SUN $ipv6_sun $TESTDIR + ;; + alice) + searchandreplace PH_IP_ALICE1 $ipv4_alice1 $TESTDIR + searchandreplace PH_IP_ALICE $ipv4_alice $TESTDIR + searchandreplace PH_IP6_ALICE1 $ipv6_alice1 $TESTDIR + searchandreplace PH_IP6_ALICE $ipv6_alice $TESTDIR + ;; + venus) + searchandreplace PH_IP_VENUS $ipv4_venus $TESTDIR + searchandreplace PH_IP6_VENUS $ipv6_venus $TESTDIR + ;; + bob) + searchandreplace PH_IP_BOB $ipv4_bob $TESTDIR + searchandreplace PH_IPV6_BOB $ipv6_bob $TESTDIR + ;; + carol) + searchandreplace PH_IP_CAROL1 $ipv4_carol1 $TESTDIR + searchandreplace PH_IP_CAROL $ipv4_carol $TESTDIR + searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $TESTDIR + searchandreplace PH_IP6_CAROL $ipv6_carol $TESTDIR + ;; + dave) + searchandreplace PH_IP_DAVE1 $ipv4_dave1 $TESTDIR + searchandreplace PH_IP_DAVE $ipv4_dave $TESTDIR + searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $TESTDIR + searchandreplace PH_IP6_DAVE $ipv6_dave $TESTDIR + ;; + winnetou) + searchandreplace PH_IP_WINNETOU $ipv4_winnetou $TESTDIR + searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $TESTDIR + ;; + esac +done -source $TESTSDIR/$testname/test.conf +source $TESTDIR/test.conf ########################################################################## # copy test specific configurations to uml hosts # -if [ -d $TESTSDIR/$testname/hosts ] +if [ -d $TESTDIR/hosts ] then - for host in `ls $TESTSDIR/$testname/hosts` + for host in `ls $TESTDIR/hosts` do - eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" - scp $SSHCONF -r $TESTSDIR/$testname/hosts/$host/etc $HOSTLOGIN:/ > /dev/null 2>&1 + eval HOSTLOGIN=root@\$ipv4_${host} + scp $SSHCONF -r $TESTDIR/hosts/$host/etc $HOSTLOGIN:/ > /dev/null 2>&1 done fi @@ -53,7 +152,7 @@ fi for host in $IPSECHOSTS do - eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" + eval HOSTLOGIN=root@\$ipv4_${host} ssh $SSHCONF $HOSTLOGIN 'rm -f /var/log/auth.log /var/log/daemon.log; \ kill -SIGHUP `cat /var/run/rsyslogd.pid`' > /dev/null 2>&1 done @@ -65,7 +164,7 @@ done for host in $RADIUSHOSTS do - eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" + eval HOSTLOGIN=root@\$ipv4_${host} ssh $SSHCONF $HOSTLOGIN 'rm -f /var/log/daemon.log /var/log/freeradius/radius.log; \ kill -SIGHUP `cat /var/run/rsyslogd.pid`' > /dev/null 2>&1 done diff --git a/testing/scripts/recipes/015_strongTNC.mk b/testing/scripts/recipes/015_strongTNC.mk index cc4a94a0b..419d60bb1 100644 --- a/testing/scripts/recipes/015_strongTNC.mk +++ b/testing/scripts/recipes/015_strongTNC.mk @@ -19,4 +19,4 @@ $(DEPS): $(PKG)-master install: $(DEPS) pip install --no-index --find-links=file://`pwd`/$(DEPS) -r $(PKG)-master/requirements.txt - cp -r $(PKG)-master /var/www/tnc && chgrp -R www-data /var/www/tnc && chmod g+w /var/www/tnc /var/www/tnc/django.db + cp -r $(PKG)-master /var/www/tnc && chgrp -R www-data /var/www/tnc && chmod g+sw /var/www/tnc diff --git a/testing/testing.conf b/testing/testing.conf index 5f85dd592..1a3097711 100644 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -24,14 +24,14 @@ fi : ${TESTDIR=/srv/strongswan-testing} # Kernel configuration -: ${KERNELVERSION=4.8.3} +: ${KERNELVERSION=4.10.6} : ${KERNEL=linux-$KERNELVERSION} : ${KERNELTARBALL=$KERNEL.tar.xz} -: ${KERNELCONFIG=$DIR/../config/kernel/config-4.8} +: ${KERNELCONFIG=$DIR/../config/kernel/config-4.10} : ${KERNELPATCH=ha-4.4-abicompat.patch.bz2} # strongSwan version used in tests -: ${SWANVERSION=5.5.1} +: ${SWANVERSION=5.5.2} # Build directory where the guest kernel and images will be built : ${BUILDDIR=$TESTDIR/build} diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf index d6d453948..5072d77d8 100644 --- a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha + plugins { ha { local = PH_IP_ALICE diff --git a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf index e58af9efd..af5fa19ef 100644 --- a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf index ecbad665c..16a0a8ca0 100644 --- a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf index 198f3a01d..68d4414ba 100644 --- a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha + plugins { ha { local = PH_IP_MOON1 diff --git a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf index e8be72ae0..0d10394c0 100644 --- a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha + plugins { ha { local = PH_IP_ALICE diff --git a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf index e58af9efd..af5fa19ef 100644 --- a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf index ecbad665c..16a0a8ca0 100644 --- a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf index 206fb21b6..17d54222d 100644 --- a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha + plugins { ha { local = PH_IP_MOON1 diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf index 0776fb189..48e8fc6ff 100644 --- a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf index 0776fb189..7a64dce30 100644 --- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf index 0776fb189..7a64dce30 100644 --- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf index 9b248e833..ae0529ecc 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default } diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf index 9b248e833..ab779fc23 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default } diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf index 9b248e833..ab779fc23 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf index f585edfca..66ff24601 100644 --- a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf index 1f0fd41a8..d69a7b808 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha256/description.txt b/testing/tests/ikev1/alg-sha256/description.txt index 826a8f10b..f7e53913c 100644 --- a/testing/tests/ikev1/alg-sha256/description.txt +++ b/testing/tests/ikev1/alg-sha256/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b> +<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat index 8cbac4ff3..d9ff9475e 100644 --- a/testing/tests/ikev1/alg-sha256/evaltest.dat +++ b/testing/tests/ikev1/alg-sha256/evaltest.dat @@ -2,11 +2,11 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES -carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/CURVE_25519,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/CURVE_25519,::YES moon:: ip xfrm state::auth-trunc hmac(sha256)::YES carol::ip xfrm state::auth-trunc hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf index 1c227978e..25fce1881 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf index 177aebf52..b3e5df10b 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha384/description.txt b/testing/tests/ikev1/alg-sha384/description.txt index 2255fe8fb..f96ea5c4f 100644 --- a/testing/tests/ikev1/alg-sha384/description.txt +++ b/testing/tests/ikev1/alg-sha384/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b> +<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat index 166aa8120..3a533566f 100644 --- a/testing/tests/ikev1/alg-sha384/evaltest.dat +++ b/testing/tests/ikev1/alg-sha384/evaltest.dat @@ -2,11 +2,11 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES -carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/CURVE_25519,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/CURVE_25519,::YES moon:: ip xfrm state::auth-trunc hmac(sha384)::YES carol::ip xfrm state::auth-trunc hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf index 6f1519f2c..9e7f48868 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-curve25519! + esp=aes192-sha384-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf index 919ee9b09..d4c4a6f6d 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-curve25519! + esp=aes192-sha384-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf index 5d1c35cc2..0fbefa3fc 100644 --- a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf index 5d1c35cc2..729db4526 100644 --- a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf index de6bda2d1..b8817fe13 100644 --- a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf index 5d1c35cc2..0fbefa3fc 100644 --- a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf index 5d1c35cc2..729db4526 100644 --- a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf index de6bda2d1..b8817fe13 100644 --- a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt index 9fe03b010..40cc82128 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-modp2048</b> or alternatively -<b>esp=aes128ccm96-modp2048</b> in ipsec.conf. +<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-curve25519</b> or alternatively +<b>esp=aes128ccm96-curve25519</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf index 1cef8f8c5..35b96c1a4 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp2048! - esp=aes128ccm96-modp2048! + ike=aes128-sha256-curve25519! + esp=aes128ccm96-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf index f295f159a..9692b64f7 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf index 72163aeec..40251f7d9 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha256-modp2048! - esp=aes128ccm12-modp2048! + ike=aes128-sha256-curve25519! + esp=aes128ccm12-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf index f295f159a..cbfd676a4 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt index fbcc48022..5858267b3 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt @@ -1,3 +1,3 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CTR_256 / AES_XCBC_96</b> by defining <b>esp=aes256ctr-aesxcbc-modp2048</b> in ipsec.conf. +<b>AES_CTR_256 / AES_XCBC_96</b> by defining <b>esp=aes256ctr-aesxcbc-curve25519</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf index 08ff7dab2..ac835d07d 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256ctr-aesxcbc-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256ctr-aesxcbc-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf index cae7e00ca..913afb404 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf index f712ed86d..5c7bbf863 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256ctr-aesxcbc-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256ctr-aesxcbc-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf index cae7e00ca..8cbe58f19 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt index bd9521e0d..f112af6ef 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-modp2048</b> or alternatively -<b>esp=aes256gcm128-modp2048</b> in ipsec.conf. +<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-curve25519</b> or alternatively +<b>esp=aes256gcm128-curve25519</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf index 125ce919e..6dddc28cf 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256gcm128-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256gcm128-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf index e396bb199..1d1cd4e93 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf index b5821cd07..d98aaeafe 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha512-modp2048! - esp=aes256gcm16-modp2048! + ike=aes256-sha512-curve25519! + esp=aes256gcm16-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf index e396bb199..369c2946f 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt index 823ec253d..0d5eb1015 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt +++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only -ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b> +ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-curve25519!</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index 5ad63657b..c6d77ca68 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-sha256-curve25519! + esp=aes256gmac-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index fba69aba3..f42aad256 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-sha256-curve25519! + esp=aes256gmac-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf index 94eb96f38..a653bcd77 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! + ike=aes256-sha256-curve25519! esp=aes256-aesxcbc! conn home diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf index f585edfca..c5200b071 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf index dbc468571..3e37c3cf0 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes256-sha256-modp2048! + ike=aes256-sha256-curve25519! esp=aes256-aesxcbc! conn rw diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf index f585edfca..e0561f3ff 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat index d9888a15d..b80e9f781 100644 --- a/testing/tests/ikev1/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat @@ -3,9 +3,9 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 176::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 176::YES diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf index cd93d795f..d43629158 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-curve25519! + esp=null-sha256! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf index 2e9b8de65..c17c5815e 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-curve25519! + esp=null-sha256! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf index 7d97dd229..c22405914 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown plugins { attr-sql { diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-ah/description.txt b/testing/tests/ikev1/net2net-ah/description.txt index 7ced7a551..fbe4a777d 100644 --- a/testing/tests/ikev1/net2net-ah/description.txt +++ b/testing/tests/ikev1/net2net-ah/description.txt @@ -1,8 +1,8 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up using the IKEv1 protocol. -With <b>ah=md5,sha1</b> gateway <b>moon</b> proposes the use of an -<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection -with its <b>ah=sha1!</b> configuration. +With <b>ah=sha1,sha256!</b> gateway <b>moon</b> proposes the use of <b>AH</b>. +Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its +<b>ah=sha256!</b> configuration. <p/> Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev1/net2net-ah/evaltest.dat b/testing/tests/ikev1/net2net-ah/evaltest.dat index d13369f05..34a1cde9a 100644 --- a/testing/tests/ikev1/net2net-ah/evaltest.dat +++ b/testing/tests/ikev1/net2net-ah/evaltest.dat @@ -1,5 +1,5 @@ -sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_MD5_96/NO_EXT_SEQ, AH:HMAC_SHA1_96/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/NO_EXT_SEQ, AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES @@ -7,5 +7,5 @@ sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES -moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES -sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES +moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES +sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf index d062dfe57..d6e251dba 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev1 - ike=aes128-sha1-modp1536! - ah=md5,sha1 + ike=aes128-sha256-modp3072! + ah=sha1,sha256! conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf index c374adfc4..7c0490d59 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev1 - ike=aes128-sha1-modp1536! - ah=sha1! + ike=aes128-sha256-modp3072! + ah=sha256! conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/net2net-esn/description.txt b/testing/tests/ikev1/net2net-esn/description.txt index 13bb62b1d..6318c55c6 100644 --- a/testing/tests/ikev1/net2net-esn/description.txt +++ b/testing/tests/ikev1/net2net-esn/description.txt @@ -1,6 +1,6 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. -With <b>esp=aes128-sha1-esn!</b> gateway <b>moon</b> proposes the use of -<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha1-esn-noesn!</b>, +With <b>esp=aes128-sha256-esn!</b> gateway <b>moon</b> proposes the use of +<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha256-esn-noesn!</b>, accepting proposals with and without ESN. <p/> Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind diff --git a/testing/tests/ikev1/net2net-esn/evaltest.dat b/testing/tests/ikev1/net2net-esn/evaltest.dat index d8d7cb446..8fa6893fd 100644 --- a/testing/tests/ikev1/net2net-esn/evaltest.dat +++ b/testing/tests/ikev1/net2net-esn/evaltest.dat @@ -1,6 +1,6 @@ -sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES -sun:: cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES @@ -12,6 +12,6 @@ moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES -moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES -sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf index 892907200..4fcff4a89 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn! conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf index 666e32def..2e81bfd04 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn-noesn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn-noesn! conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf index e66301482..14cd6e43c 100644 --- a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf @@ -1,8 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf index e66301482..14cd6e43c 100644 --- a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf @@ -1,8 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 3925d92a4..38df6a919 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index fafe267a6..7a578d242 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf index 248642530..955514391 100644 --- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf index 248642530..955514391 100644 --- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf index 33c50d171..af5fa19ef 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf index 33c50d171..93f434598 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf index 33c50d171..93f434598 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf index c43d34ae9..5df879c6b 100644 --- a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf @@ -1,8 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default unity - + load = random nonce aes sha1 sha2 md5 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default unity cisco_unity = yes - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf index cb696bd3a..b925166b9 100644 --- a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf @@ -1,10 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity - + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default attr unity cisco_unity = yes - dh_exponent_ansi_x9_42 = no plugins { attr { diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf index 86827b23b..7e579273b 100644 --- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - dh_exponent_ansi_x9_42 = no integrity_test = yes crypto_test { diff --git a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf index 86827b23b..7e579273b 100644 --- a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - dh_exponent_ansi_x9_42 = no integrity_test = yes crypto_test { diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf index 86827b23b..7e579273b 100644 --- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - dh_exponent_ansi_x9_42 = no integrity_test = yes crypto_test { diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf index 73b0885d0..ff775e5f9 100644 --- a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown initiator_only = yes } diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf index 094e0effa..c58fdbcd7 100644 --- a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf index 094e0effa..c58fdbcd7 100644 --- a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf index 708a71c7e..bcafd86ba 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown i_dont_care_about_security_and_use_aggressive_mode_psk = yes } diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf index c08fab86e..d6dcd99d0 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf index 66054d0f9..d6dcd99d0 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf index 02e7618d3..4f0b4be87 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf @@ -1,9 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic attr kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic attr kernel-netlink socket-default stroke updown dns1 = 192.168.0.150 dns2 = 10.1.0.20 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf index f65197bef..73a4271bd 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf index f65197bef..73a4271bd 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf index f65197bef..73a4271bd 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf index 09b9264ae..41fa522c8 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -1,9 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-md5 xauth-eap updown plugins { eap-radius { diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf index a6e1ba46b..2f8caca10 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf @@ -1,9 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown plugins { eap-radius { diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf index ca3372f7d..b635720d1 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf index ca3372f7d..e3bada0fc 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke } diff --git a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf index bae8628f3..6276b14ee 100644 --- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf index bae8628f3..6276b14ee 100644 --- a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf index bae8628f3..6276b14ee 100644 --- a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf index f585edfca..66ff24601 100644 --- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ccm/description.txt b/testing/tests/ikev2/alg-aes-ccm/description.txt index 28e38ca7f..569504aa0 100644 --- a/testing/tests/ikev2/alg-aes-ccm/description.txt +++ b/testing/tests/ikev2/alg-aes-ccm/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite -<b>AES_CCM_12_128</b> both for IKE and ESP by defining <b>ike=aes128ccm12-aesxcbc-modp2048</b> -(or alternatively <b>aes128ccm96</b>) and <b>esp=aes128ccm12-modp2048</b> in ipsec.conf, respectively. +<b>AES_CCM_12_128</b> both for IKE and ESP by defining <b>ike=aes128ccm12-aesxcbc-curve25519</b> +(or alternatively <b>aes128ccm96</b>) and <b>esp=aes128ccm12-curve25519</b> in ipsec.conf, respectively. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf index 03707f89f..c7218e4de 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm96-aesxcbc-modp2048! - esp=aes128ccm96-modp2048! + ike=aes128ccm96-aesxcbc-x25519! + esp=aes128ccm96-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf index f295f159a..eb329f28a 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf index d7ed92f7e..fdffa0f25 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm12-aesxcbc-modp2048! - esp=aes128ccm12-modp2048! + ike=aes128ccm12-aesxcbc-x25519! + esp=aes128ccm12-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf index f295f159a..ffe6974db 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ctr/description.txt b/testing/tests/ikev2/alg-aes-ctr/description.txt index edb601b61..1ac6b4cd1 100644 --- a/testing/tests/ikev2/alg-aes-ctr/description.txt +++ b/testing/tests/ikev2/alg-aes-ctr/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite -<b>AES_CTR_128</b> both for IKE and ESP by defining <b>ike=aes128ctr-aesxcbc-modp2048</b> -and <b>esp=aes128ctr-aesxcbc-modp2048</b> in ipsec.conf, respectively. +<b>AES_CTR_128</b> both for IKE and ESP by defining <b>ike=aes128ctr-aesxcbc-curve25519</b> +and <b>esp=aes128ctr-aesxcbc-curve25519</b> in ipsec.conf, respectively. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf index 3be20c613..b5aabdd38 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-modp2048! - esp=aes128ctr-aesxcbc-modp2048! + ike=aes128ctr-aesxcbc-x25519! + esp=aes128ctr-aesxcbc-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf index cae7e00ca..c6ef5d795 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf index 1cf16ee38..650b346eb 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-modp2048! - esp=aes128ctr-aesxcbc-modp2048! + ike=aes128ctr-aesxcbc-x25519! + esp=aes128ctr-aesxcbc-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf index cae7e00ca..3ec3f0078 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-gcm/description.txt b/testing/tests/ikev2/alg-aes-gcm/description.txt index 2afcecd68..ccf32fc3a 100644 --- a/testing/tests/ikev2/alg-aes-gcm/description.txt +++ b/testing/tests/ikev2/alg-aes-gcm/description.txt @@ -1,5 +1,5 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite -<b>AES_GCM_16_256</b> both for IKE and ESP by defining <b>ike=aes256gcm16-aesxcbc-modp2048</b> -(or alternatively <b>aes256gcm128</b>) and <b>esp=aes256gcm16-modp2048</b> in ipsec.conf, +<b>AES_GCM_16_256</b> both for IKE and ESP by defining <b>ike=aes256gcm16-aesxcbc-curve25519</b> +(or alternatively <b>aes256gcm128</b>) and <b>esp=aes256gcm16-curve25519</b> in ipsec.conf, respectively. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index 7a808ff65..c6bc925e8 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm128-aesxcbc-modp2048! - esp=aes256gcm128-modp2048! + ike=aes256gcm128-aesxcbc-x25519! + esp=aes256gcm128-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf index e396bb199..7cb4496f2 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 12a35cb8a..1597aae79 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm16-aesxcbc-modp2048! - esp=aes256gcm16-modp2048! + ike=aes256gcm16-aesxcbc-x25519! + esp=aes256gcm16-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf index e396bb199..35d3c19a2 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/description.txt b/testing/tests/ikev2/alg-aes-xcbc/description.txt index c71d7493f..d69d3d0b6 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/description.txt +++ b/testing/tests/ikev2/alg-aes-xcbc/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-modp2048!</b> +<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index 4b8548404..42bf0764a 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index c9e9e92e5..93bafcec1 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-modp3072! - esp=aes128-aesxcbc-modp3072! + ike=aes128-aesxcbc-x25519! + esp=aes128-aesxcbc-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index f585edfca..ce996478c 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 4e4a9324f..13a179882 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-modp3072! - esp=aes128-aesxcbc-modp3072! + ike=aes128-aesxcbc-x25519! + esp=aes128-aesxcbc-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index f585edfca..69f188e3d 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index 1f0fd41a8..d69a7b808 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha256-96/description.txt b/testing/tests/ikev2/alg-sha256-96/description.txt index e1d591625..9e5321eb6 100644 --- a/testing/tests/ikev2/alg-sha256-96/description.txt +++ b/testing/tests/ikev2/alg-sha256-96/description.txt @@ -1,5 +1,5 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite <b>AES_CBC_128 / HMAC_SHA2_256_96</b> which uses 96 bit instead of the standard 128 bit truncation, allowing compatibility with Linux kernels older than 2.6.33 -by defining <b>esp=aes128-sha256_96-modp2048!</b> in ipsec.conf. +by defining <b>esp=aes128-sha256_96-curve25519!</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat index c5ea03f4c..42e7b9335 100644 --- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf index 90a143678..6a1a1ad14 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256_96-modp3072! + ike=aes128-sha256-x25519! + esp=aes128-sha256_96-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf index adc0ab9fb..a3837a4ce 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf index e0b2625c0..41919c876 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256_96-modp3072! + ike=aes128-sha256-x25519! + esp=aes128-sha256_96-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf index adc0ab9fb..55a6df151 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-sha256/description.txt b/testing/tests/ikev2/alg-sha256/description.txt index 826a8f10b..f7e53913c 100644 --- a/testing/tests/ikev2/alg-sha256/description.txt +++ b/testing/tests/ikev2/alg-sha256/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b> +<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat index 8bfcbc428..f47852b34 100644 --- a/testing/tests/ikev2/alg-sha256/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf index 6890ea458..b3548db92 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-x25519! + esp=aes128-sha256-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf index 583111893..da8bff039 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-x25519! + esp=aes128-sha256-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha384/description.txt b/testing/tests/ikev2/alg-sha384/description.txt index 2255fe8fb..f96ea5c4f 100644 --- a/testing/tests/ikev2/alg-sha384/description.txt +++ b/testing/tests/ikev2/alg-sha384/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b> +<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat index 1148a182e..56d862e1e 100644 --- a/testing/tests/ikev2/alg-sha384/evaltest.dat +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf index e02d90b78..e9122d4b1 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-x25519! + esp=aes192-sha384-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf index 990fce1d0..e4b52732c 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-x25519! + esp=aes192-sha384-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf index 5d1c35cc2..0fbefa3fc 100644 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf index 5d1c35cc2..729db4526 100644 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf index de6bda2d1..b8817fe13 100644 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf index 269e1a5d9..448093f9f 100644 --- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf index a2bdf799f..dbcb7a368 100644 --- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf index ea1b90593..82118b410 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default cache_crls = yes } diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf index d0c3f8c49..a9c6e8d4e 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf index d0c3f8c49..a9c6e8d4e 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf index ea1b90593..82118b410 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default cache_crls = yes } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf index 1c7c270df..c4a0ff8bb 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp + plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf index 1c7c270df..c4a0ff8bb 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp + plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf index d96d1d74e..0883bf058 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp + plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt index 823ec253d..0d5eb1015 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt +++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only -ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b> +ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-curve25519!</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index 8f5b77cac..ebe0c277a 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-aesxcbc-x25519! + esp=aes256gmac-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf index f585edfca..ce996478c 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index d41ba72e8..1fdb1bd27 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-aesxcbc-x25519! + esp=aes256gmac-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf index f585edfca..69f188e3d 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index d9888a15d..b80e9f781 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -3,9 +3,9 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 176::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 176::YES diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf index 1d8509115..9991b0b24 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-x25519! + esp=null-sha256! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf index 38f8bd619..2a2c4cb9c 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-x25519! + esp=null-sha256! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf index 52629873e..043c3d79f 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! + ike=aes128-sha1-modp2048! esp=aes128-sha1_160! conn home diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf index d4cc3fbaf..86819631b 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! + ike=aes128-sha1-modp2048! esp=aes128-sha1_160! conn rw diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf index eaaf8bd96..e34ca9da7 100644 --- a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS } diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf index 986ef32de..9cd6f687d 100644 --- a/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr forecast + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr forecast + syslog { daemon { net = 2 diff --git a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..373830110 --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation pubkey curve25519 gmp curl kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf index 1311e5b27..e3fc4d707 100644 --- a/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default connmark + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default connmark } diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf new file mode 100644 index 000000000..373830110 --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation pubkey curve25519 gmp curl kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..281da123f --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..281da123f --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf new file mode 100644 index 000000000..281da123f --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf index 7d97dd229..c22405914 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf index 7d97dd229..c22405914 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf index 7b81476e9..f0b74a743 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf index b238646ac..1664d55aa 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf index b238646ac..1664d55aa 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf index da157a5ee..db9ab464b 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf index f585edfca..952df5e67 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf index f585edfca..952df5e67 100644 --- a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf index af1bc1851..cabe702e5 100644 --- a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown lookip + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown lookip } diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf index 414eebaa0..5615f4491 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf index 414eebaa0..51614f716 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf index 710c38b9e..aab6993ce 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf index 91ded3733..fa36317e7 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf index 91ded3733..fa36317e7 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf index d0c3f8c49..2881b73c5 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf index 0431c5d1f..3038f522d 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce constraints x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp constraints x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf index 8d3610bd6..0b6834b16 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation constraints hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation constraints hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf index 924fd4757..f6cb39c78 100644 --- a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf index 924fd4757..f6cb39c78 100644 --- a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf index 924fd4757..f6cb39c78 100644 --- a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-ah/description.txt b/testing/tests/ikev2/net2net-ah/description.txt index a8ac7ee6b..7816aa275 100644 --- a/testing/tests/ikev2/net2net-ah/description.txt +++ b/testing/tests/ikev2/net2net-ah/description.txt @@ -1,7 +1,7 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. -With <b>ah=sha1-md5</b> gateway <b>moon</b> proposes the use of an -<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection -with its <b>ah=sha1!</b> configuration. +With <b>ah=sha256-sha384!</b> gateway <b>moon</b> proposes the use of <b>AH</b>. +Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its <b>ah=sha256!</b> +configuration. <p/> Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev2/net2net-ah/evaltest.dat b/testing/tests/ikev2/net2net-ah/evaltest.dat index 1cfc450e7..69a7165cf 100644 --- a/testing/tests/ikev2/net2net-ah/evaltest.dat +++ b/testing/tests/ikev2/net2net-ah/evaltest.dat @@ -1,5 +1,5 @@ -sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/HMAC_MD5_96/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA2_256_128/HMAC_SHA2_384_192/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES @@ -7,5 +7,5 @@ sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES -moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES -sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES +moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES +sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf index 602119553..7af65a55d 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev2 - ike=aes128-sha1-modp1536! - ah=sha1-md5 + ike=aes128-sha256-modp3072! + ah=sha256-sha384! conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf index 3f1ee5991..82da6cb7a 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev2 - ike=aes128-sha1-modp1536! - ah=sha1! + ike=aes128-sha256-modp3072! + ah=sha256! conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf index 6e5c24063..2cb7f03e0 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no signature_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf index 6e5c24063..2cb7f03e0 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no signature_authentication = no } diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf index d5ac37937..b73dd8a5f 100644 --- a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown plugins { dnscert { diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf index d5ac37937..b73dd8a5f 100644 --- a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown plugins { dnscert { diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf index 58deb25f0..d4c8c5595 100644 --- a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound ipseckey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default stroke updown plugins { ipseckey { diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf index 58deb25f0..d4c8c5595 100644 --- a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound ipseckey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default stroke updown plugins { ipseckey { diff --git a/testing/tests/ikev2/net2net-ed25519/description.txt b/testing/tests/ikev2/net2net-ed25519/description.txt new file mode 100644 index 000000000..07839e0ae --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>X.509 certificates</b> containing <b>Ed25519</b> keys. +Upon the successful establishment of the IPsec tunnel, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b> +pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev2/net2net-ed25519/evaltest.dat b/testing/tests/ikev2/net2net-ed25519/evaltest.dat new file mode 100644 index 000000000..cb29fa6bd --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/evaltest.dat @@ -0,0 +1,9 @@ +moon::cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with ED25519 successful::YES +sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ED25519 successful::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..e85ec33e0 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftauth=pubkey + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightauth=pubkey + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..9c5a06945 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv +OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/certs/moonCert.pem new file mode 100644 index 000000000..e67b224b6 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww +BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX +8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA== +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/private/moonKey.pem new file mode 100644 index 000000000..491d36430 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk +-----END PRIVATE KEY----- diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..54790b60f --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: PKCS8 moonKey.pem diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..021f78e8c --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 x509 curl revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..cfe995511 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftauth=pubkey + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightauth=pubkey + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..9c5a06945 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv +OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/certs/sunCert.pem new file mode 100644 index 000000000..70af02017 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/certs/sunCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn +HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW +gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh +bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0 +cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG +AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq +8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/private/sunKey.pem new file mode 100644 index 000000000..b83f62c13 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.d/private/sunKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0 +-----END PRIVATE KEY----- diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..e3850f0aa --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,8 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: PKCS8 sunKey.pem + + + + + diff --git a/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..021f78e8c --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 x509 curl revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-ed25519/posttest.dat b/testing/tests/ikev2/net2net-ed25519/posttest.dat new file mode 100644 index 000000000..837738fc6 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush + diff --git a/testing/tests/ikev2/net2net-ed25519/pretest.dat b/testing/tests/ikev2/net2net-ed25519/pretest.dat new file mode 100644 index 000000000..bcc2cb04d --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/pretest.dat @@ -0,0 +1,7 @@ +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +sun::ipsec start +moon::ipsec start +sun::expect-connection net-net +moon::expect-connection net-net +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-ed25519/test.conf b/testing/tests/ikev2/net2net-ed25519/test.conf new file mode 100644 index 000000000..646b8b3e6 --- /dev/null +++ b/testing/tests/ikev2/net2net-ed25519/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-esn/description.txt b/testing/tests/ikev2/net2net-esn/description.txt index da847b6a4..c9da6820b 100644 --- a/testing/tests/ikev2/net2net-esn/description.txt +++ b/testing/tests/ikev2/net2net-esn/description.txt @@ -1,7 +1,7 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. -With <b>esp=aes128-sha1-esn-noesn!</b> gateway <b>moon</b> proposes the use of +With <b>esp=aes128-sha256-esn-noesn!</b> gateway <b>moon</b> proposes the use of <b>Extended Sequence Numbers</b> but can also live without them. Gateway <b>sun</b> -defines <b>esp=aes128-sha1-esn!</b> and thus decides on the use of ESN. +defines <b>esp=aes128-sha256-esn!</b> and thus decides on the use of ESN. <p/> Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> 10 times. diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat index 63058eb88..534ace9e1 100644 --- a/testing/tests/ikev2/net2net-esn/evaltest.dat +++ b/testing/tests/ikev2/net2net-esn/evaltest.dat @@ -1,5 +1,5 @@ -sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES @@ -11,6 +11,6 @@ moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES -moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES -sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf index 3418e63c4..8cce0c957 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn-noesn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn-noesn! mobike=no conn net-net diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf index f0b6c906f..1fd5ddb03 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn! mobike=no conn net-net diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf index 8cc4192c6..02280ac2f 100644 --- a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf @@ -1,8 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf index 8cc4192c6..02280ac2f 100644 --- a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf @@ -1,8 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf index db2698dbf..904a5fa6e 100644 --- a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default forecast multiple_authentication = no plugins { diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf index db2698dbf..904a5fa6e 100644 --- a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default forecast multiple_authentication = no plugins { diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf index 867949da4..49077484a 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf index e39c9222e..1dcbd6c27 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 3925d92a4..38df6a919 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index a4cfc6168..0b31f738c 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes } diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf index 8accff27c..a76d6017e 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf index 8accff27c..a76d6017e 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf index 8accff27c..7e5328760 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf index 8accff27c..7e5328760 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf index 92e758d35..4494daee7 100644 --- a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf index 92e758d35..4494daee7 100644 --- a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf index 5d04d3e99..3cf8c8807 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf index 5d04d3e99..3cf8c8807 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf index 3cd90047f..4cc2e21c6 100644 --- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf index 3cd90047f..4cc2e21c6 100644 --- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf index f1b3fb77f..18ed6a4c4 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf index f1b3fb77f..18ed6a4c4 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf index e1efec866..045e3a082 100644 --- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf index e1efec866..045e3a082 100644 --- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem index a1c57b0f0..d1e85db8a 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem @@ -1,95 +1,26 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 39 (0x27) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA - Validity - Not Before: Mar 15 06:42:00 2012 GMT - Not After : Mar 14 06:42:00 2017 GMT - Subject: C=CH, O=Linux strongSwan, OU=OCSP, CN=carol@strongswan.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:b0:33:dd:ed:c0:d6:9d:01:de:eb:08:c4:f9:6a: - e9:46:10:f6:a4:cd:7d:aa:79:4b:c2:33:1f:61:40: - 40:de:06:9f:b8:2a:b0:84:cd:a7:79:c8:ee:a7:24: - 69:08:04:89:f8:7b:62:7e:03:9e:0a:d9:df:ff:7c: - 20:3c:a7:b1:86:7f:cc:e6:ad:0c:7e:6f:c4:9b:31: - 55:57:92:df:7b:94:86:f1:27:3a:0e:fa:0b:92:58: - ad:64:8a:40:46:5d:87:ca:11:20:03:ad:86:68:a5: - 0c:8a:19:ce:36:d0:55:bf:1f:00:47:c9:1a:af:c5: - ad:14:3c:d7:0c:9e:28:d9:61:1b:a2:a8:b7:f1:56: - a7:d9:3b:fa:09:08:2c:9b:75:e3:30:64:5e:93:80: - 48:94:35:0d:97:ca:ac:57:66:02:86:b6:1b:6b:f1: - 4a:86:30:74:48:38:46:1a:7d:07:61:30:15:33:b0: - 9d:50:fc:4d:8c:16:1e:30:13:9f:07:04:7a:3b:92: - 54:33:c7:3a:0b:67:e2:ba:46:b0:b3:0d:79:7f:e4: - ed:81:bd:34:cb:e5:30:f3:af:d4:dd:52:3e:f5:13: - 0e:c0:79:f8:43:c7:f5:b9:b0:12:6a:46:38:db:61: - 44:c8:4a:68:7b:77:34:68:63:ef:88:16:be:ae:89: - ff:89 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Key Encipherment, Key Agreement - X509v3 Subject Key Identifier: - C5:E8:58:D7:63:B0:B8:D4:2E:22:04:E1:CB:35:34:95:DA:74:F0:E6 - X509v3 Authority Key Identifier: - keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF - DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA - serial:00 - - X509v3 Subject Alternative Name: - email:carol@strongswan.org - Authority Information Access: - OCSP - URI:http://ocsp.strongswan.org:8880 - - X509v3 CRL Distribution Points: - URI:http://crl.strongswan.org/strongswan.crl - - Signature Algorithm: sha256WithRSAEncryption - b6:2d:d8:bb:40:e9:cf:a9:33:31:6c:91:c7:40:79:8c:5f:89: - 8e:26:d8:ef:91:67:da:71:75:f9:27:84:21:c3:6c:d1:a5:fb: - 50:de:b2:02:ad:3c:a4:6b:40:58:30:41:c7:bd:31:ca:df:77: - 00:c9:ac:5b:10:e3:66:71:6c:be:4a:49:7e:58:92:de:f4:16: - 51:12:00:2c:33:e2:2c:b5:e5:d4:6e:36:a2:50:ba:86:e3:c6: - bb:50:a2:e5:11:69:c4:86:91:fc:4d:65:7e:09:49:bd:d2:ae: - cd:70:f8:98:5d:a8:b6:cf:38:c3:19:49:fd:8b:72:3b:1a:cc: - fc:19:c9:c1:36:b2:39:ba:ed:9a:cd:db:2d:27:15:b0:ba:8a: - 64:4a:5c:8f:ff:db:78:7d:cd:78:c3:c6:13:ba:93:7b:b7:57: - da:a3:f2:16:9f:f7:24:95:57:df:f4:4f:c5:9f:d6:12:b1:69: - 39:a7:5a:88:9c:74:be:f7:b0:f3:b4:89:82:46:57:de:7d:a1: - 42:a2:c2:de:1c:37:19:66:60:2a:df:ed:25:e3:72:d3:f9:9b: - 84:05:b6:97:6a:63:63:5c:30:5d:01:7a:15:c4:6e:2c:a0:21: - d2:31:30:98:60:94:26:44:9a:08:b4:85:8d:52:00:98:ef:cb: - 07:4f:b7:8e -----BEGIN CERTIFICATE----- -MIIEWzCCA0OgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MIIEWzCCA0OgAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTEyMDMxNTA2NDIwMFoXDTE3MDMxNDA2NDIwMFowVjELMAkGA1UE +b290IENBMB4XDTE3MDMyMDIwNTI0NFoXDTE5MDkwNjIwNTI0NFowVjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gaf -uCqwhM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG -8Sc6DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEb -oqi38Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAV -M7CdUPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMO -wHn4Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABo4IBQzCCAT8wCQYD -VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFMXoWNdjsLjULiIE4cs1NJXa -dPDmMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +AAOCAQ8AMIIBCgKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu +8qaOjRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS +6ngwOEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5 +WRqVVDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbR +wjx2afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj +2uStn7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFJCYo8BXG9mSEkp2ag3HiT74 +TT+4MG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 -cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC2 -Ldi7QOnPqTMxbJHHQHmMX4mOJtjvkWfacXX5J4Qhw2zRpftQ3rICrTyka0BYMEHH -vTHK33cAyaxbEONmcWy+Skl+WJLe9BZREgAsM+IsteXUbjaiULqG48a7UKLlEWnE -hpH8TWV+CUm90q7NcPiYXai2zzjDGUn9i3I7Gsz8GcnBNrI5uu2azdstJxWwuopk -SlyP/9t4fc14w8YTupN7t1fao/IWn/cklVff9E/Fn9YSsWk5p1qInHS+97DztImC -RlfefaFCosLeHDcZZmAq3+0l43LT+ZuEBbaXamNjXDBdAXoVxG4soCHSMTCYYJQm -RJoItIWNUgCY78sHT7eO +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCo +tFCDUTmBfPjeaDQVCv7uBausS0sZCw+Pw7zypqo3vyRm0R2Ds2eymfVI4/Zc1NwW +hYCy9D1f1r2gukI2jDWHdDwNMQPptyx0Kxr98SIlm9ms8jGT7GZ5l0SdkGe5GDMO +vq7FscqQZX/KkdFk3ye/ONffFS/ukjVRHu8971BNODcRbG0OBhEI2TQsIyxf/iir +taI23m8b9dclikqZx3FqoxfTHSN5T5KHntpH7KVIS00hrlavxkLLMn5oePRnkBWu +feSmpfbOBbnEpElLtJM5K8AjArGOx8nxrtw/KNjMiOsyfCim1r0ff1tnZGtHhHCq +ZCZKA5DsRXZVWasv1CIz -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem index d6a762b1b..2d7938a1b 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gafuCqw -hM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG8Sc6 -DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEboqi3 -8Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAVM7Cd -UPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMOwHn4 -Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABAoIBAEEGwy5M7mb/G79t -exP5CqHa/MsRMwFIxlai+z+usMG/fA5BYud/5gCh0MFKRKC63BghoNWUjCzA/1OQ -AW2hDXjvjTTMREIdCVekuzQYdfVreOliaqDAUqjtpP/nrZTKS6Sc8U2qKmJQFvKY -V2wPMrXXwQi9BOY9c4R2d36ml7iw6veYhPj0XHy3spJc3V6k7YmbApOQgWDqRwid -GGnnvDpdD0gAGAOxadCCpV+N9NK+AMSk03Qpcc2ki4THEn2e8Rs1/dH1k5nics/E -cG9VT9pZtvGXjEX7Wo06v0lXsTRWGWLKhHvzfhIb6uWnC/YUR+7Cv8JYRz+RZn98 -bv5lXokCgYEA1iRf3gH8qwvxQjLtaNKRyr8Bheo3tsOLh2tYriWaUTXqeKAd46zI -KcWAKtYWJQenVyFvnsMwKNFvFq/HgJGhKTOvZRwsrTb2wXgxcAleOBO+Ts4Vhb9J -xil8/WcWCKU+GPf8hQOkwVnhv4CxLscCXT2g9zxTpP/JCKmHaucQog8CgYEA0qUC -NBRMh55bjiHaqsSRvr45iwxzNzd8KK5A/xKyScEl+A4HWdqDpZ+8w9YC4GUQClvH -cHn5NpWfq9hrNAXPjBzVGXk+JqFcJM/yPImH+Vg8MupJprwVSHJ1mqQ/MPSpxxhy -iNaWeJX6bhPAgQSOAYbH22uNOGePmMQ8kk3v/OcCgYA7ZzPA3kQ9Hr76Yi5Bmcgf -ugSuJV73MB+QnVKoXH4GcTJt69zev5t3GvaG64SRGSJupTPVksfVSuPKI1DwdXWD -fHb3UW2DT2/8E1+DeNXOMIvmSHzn8TyB4BhwIxyVoWEsg/5k17HogQqCmSyNkV8y -hloUu4NojhwybvTFzvtqOQKBgDL0IVVRt7Vyk/kMrWVziUHXp/m/uDsaG9mHVUee -USxQIYwgcJzGo+OzgSjqIuX+7GNlEhheGO+gP/CEuGHsKeldrBquXl9f1vc8qf8E -0bR6KI20aL6BbrCIp3QR2QtRk6QKgOIi7mEa/moUMxPCc0thPAUSviVvv6eXiINn -gO7vAoGAcvwVy9gDcGTL+4mMjZ07jc/TmQPmOpqosXuDTQZITuovpzY0Nf9KPNJs -0dTuCaO+N5ZjttxIm6L9h/Ah0BN2Ir+JbplJ5uScWldz0MFJXm1wz7KJCRZQpVIO -6SJCLSmh4nZ0TIL8V0ABhaFVQK0qq2z/ASljIF6iC68DBEDfuzY= +MIIEowIBAAKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu8qaO +jRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS6ngw +OEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5WRqV +VDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbRwjx2 +afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj2uSt +n7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABAoIBAGuC6UU3NyvYqVc+ +AiVC+r1rdU/052Rj53ahQVPhNXGZDdGkXlkdTgVynk5s+sA65KTl+7ppyAL7vzWe +QBhRUXCXPxs+3yFwqWadmbAAa5PTjKPfwIb1YmCFxGm5CoWdziLbyxVTDHkiCbGA +QL8ZSu3wvN32ZyGZ4lO48+ZKi3B+uO5IRPN1YfJAa9g4q+Xt7nybS7hQnriZAn/v +5ff5StjalQ/241U5LUOrfgeUQIp2DxPiUwHiH/HH1KrcR4Vm4dQrZdOSqUHptoc9 +D7PorAJ0cB7m2FdqAUgEKh4ONy11spf1do79Yi2+XaacTgoCoX8E/1+icmfYvQV7 +rWIBasECgYEA3MIvMrOHgqSNQDgpmA5aq2HsjLgL+KBcQWIFAVhNZ8MOtTYdDIXV +ZKz0HJjaRi4dSvSGPxze9iRmvhydAupJANBJndTrgAoyRo/tLvGBbuYq9B8R+XM/ +gKBUx5/AwenM4JbSodVIzQIJX7lo+Or1H5TuxJ1Xm79rQMg1GOoMSmECgYEAxYxC +lIWpHrVKoktazeuNF9E56fB/EAAjsmpJE7PM+SFDvGWbRJR5Y7faiCySetCW4/LC +Urs2IxnkV7Mo+HgIRmp/K8BBIQ7UAC72mU/qlZeTtf0DH4NMSarPB9+pse8lcPrZ +dyr7q1o2TDd1Q+fFfNWU3KAi2RHtmqKwRECKLnMCgYBPYK9x7qXiLuLvXYJvP3IQ +v9Q7wQ3k51xk0ib0ldi3X6bRN9T4JMNXQO1BvyB1La2wvv3qgaoWHX6oC0fVvYJk +fYCK9P18+62aO7RQNdyRkMePIgDnji4eRQhXAzVfRH87nl+8eyGDPaE7P0Lkhi9/ +nKDCJ8VRpmGdWJ/nBnlG4QKBgQC9ZOuwWTT7K/SSBIzaP6rV2tIbZ2dqf7e5pgzJ +xugNMccvKHrkFTUMVYg+Zf1JohIIGQYVK0eL/5bcPfhZvzqvyAqEd535g63dPylN +c0EEin4jTJ9h5w+M0SYL9nNLFGxhFR7JEXyXm7XS/JiAsgS02lAN9blzQ6z5RGCa +DwZr4QKBgBJBG343JQqRNiQDolaiwzWdSmUxBjfEPzP+pvXJ8pazAUeBdugcm59v +2whpaffSBJzy4ixInTDmAMhIqvkLlc6GrlTPIur4Gts+hssAjsQN0wEPpG1z+ui4 +4KH/klS64465eK40dplWn1akjOb0KaQsjNwffyfzszvh5+8PkzgB -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem index a1c57b0f0..d1e85db8a 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem @@ -1,95 +1,26 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 39 (0x27) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA - Validity - Not Before: Mar 15 06:42:00 2012 GMT - Not After : Mar 14 06:42:00 2017 GMT - Subject: C=CH, O=Linux strongSwan, OU=OCSP, CN=carol@strongswan.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:b0:33:dd:ed:c0:d6:9d:01:de:eb:08:c4:f9:6a: - e9:46:10:f6:a4:cd:7d:aa:79:4b:c2:33:1f:61:40: - 40:de:06:9f:b8:2a:b0:84:cd:a7:79:c8:ee:a7:24: - 69:08:04:89:f8:7b:62:7e:03:9e:0a:d9:df:ff:7c: - 20:3c:a7:b1:86:7f:cc:e6:ad:0c:7e:6f:c4:9b:31: - 55:57:92:df:7b:94:86:f1:27:3a:0e:fa:0b:92:58: - ad:64:8a:40:46:5d:87:ca:11:20:03:ad:86:68:a5: - 0c:8a:19:ce:36:d0:55:bf:1f:00:47:c9:1a:af:c5: - ad:14:3c:d7:0c:9e:28:d9:61:1b:a2:a8:b7:f1:56: - a7:d9:3b:fa:09:08:2c:9b:75:e3:30:64:5e:93:80: - 48:94:35:0d:97:ca:ac:57:66:02:86:b6:1b:6b:f1: - 4a:86:30:74:48:38:46:1a:7d:07:61:30:15:33:b0: - 9d:50:fc:4d:8c:16:1e:30:13:9f:07:04:7a:3b:92: - 54:33:c7:3a:0b:67:e2:ba:46:b0:b3:0d:79:7f:e4: - ed:81:bd:34:cb:e5:30:f3:af:d4:dd:52:3e:f5:13: - 0e:c0:79:f8:43:c7:f5:b9:b0:12:6a:46:38:db:61: - 44:c8:4a:68:7b:77:34:68:63:ef:88:16:be:ae:89: - ff:89 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Key Encipherment, Key Agreement - X509v3 Subject Key Identifier: - C5:E8:58:D7:63:B0:B8:D4:2E:22:04:E1:CB:35:34:95:DA:74:F0:E6 - X509v3 Authority Key Identifier: - keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF - DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA - serial:00 - - X509v3 Subject Alternative Name: - email:carol@strongswan.org - Authority Information Access: - OCSP - URI:http://ocsp.strongswan.org:8880 - - X509v3 CRL Distribution Points: - URI:http://crl.strongswan.org/strongswan.crl - - Signature Algorithm: sha256WithRSAEncryption - b6:2d:d8:bb:40:e9:cf:a9:33:31:6c:91:c7:40:79:8c:5f:89: - 8e:26:d8:ef:91:67:da:71:75:f9:27:84:21:c3:6c:d1:a5:fb: - 50:de:b2:02:ad:3c:a4:6b:40:58:30:41:c7:bd:31:ca:df:77: - 00:c9:ac:5b:10:e3:66:71:6c:be:4a:49:7e:58:92:de:f4:16: - 51:12:00:2c:33:e2:2c:b5:e5:d4:6e:36:a2:50:ba:86:e3:c6: - bb:50:a2:e5:11:69:c4:86:91:fc:4d:65:7e:09:49:bd:d2:ae: - cd:70:f8:98:5d:a8:b6:cf:38:c3:19:49:fd:8b:72:3b:1a:cc: - fc:19:c9:c1:36:b2:39:ba:ed:9a:cd:db:2d:27:15:b0:ba:8a: - 64:4a:5c:8f:ff:db:78:7d:cd:78:c3:c6:13:ba:93:7b:b7:57: - da:a3:f2:16:9f:f7:24:95:57:df:f4:4f:c5:9f:d6:12:b1:69: - 39:a7:5a:88:9c:74:be:f7:b0:f3:b4:89:82:46:57:de:7d:a1: - 42:a2:c2:de:1c:37:19:66:60:2a:df:ed:25:e3:72:d3:f9:9b: - 84:05:b6:97:6a:63:63:5c:30:5d:01:7a:15:c4:6e:2c:a0:21: - d2:31:30:98:60:94:26:44:9a:08:b4:85:8d:52:00:98:ef:cb: - 07:4f:b7:8e -----BEGIN CERTIFICATE----- -MIIEWzCCA0OgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MIIEWzCCA0OgAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTEyMDMxNTA2NDIwMFoXDTE3MDMxNDA2NDIwMFowVjELMAkGA1UE +b290IENBMB4XDTE3MDMyMDIwNTI0NFoXDTE5MDkwNjIwNTI0NFowVjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gaf -uCqwhM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG -8Sc6DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEb -oqi38Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAV -M7CdUPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMO -wHn4Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABo4IBQzCCAT8wCQYD -VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFMXoWNdjsLjULiIE4cs1NJXa -dPDmMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +AAOCAQ8AMIIBCgKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu +8qaOjRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS +6ngwOEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5 +WRqVVDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbR +wjx2afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj +2uStn7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFJCYo8BXG9mSEkp2ag3HiT74 +TT+4MG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 -cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC2 -Ldi7QOnPqTMxbJHHQHmMX4mOJtjvkWfacXX5J4Qhw2zRpftQ3rICrTyka0BYMEHH -vTHK33cAyaxbEONmcWy+Skl+WJLe9BZREgAsM+IsteXUbjaiULqG48a7UKLlEWnE -hpH8TWV+CUm90q7NcPiYXai2zzjDGUn9i3I7Gsz8GcnBNrI5uu2azdstJxWwuopk -SlyP/9t4fc14w8YTupN7t1fao/IWn/cklVff9E/Fn9YSsWk5p1qInHS+97DztImC -RlfefaFCosLeHDcZZmAq3+0l43LT+ZuEBbaXamNjXDBdAXoVxG4soCHSMTCYYJQm -RJoItIWNUgCY78sHT7eO +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCo +tFCDUTmBfPjeaDQVCv7uBausS0sZCw+Pw7zypqo3vyRm0R2Ds2eymfVI4/Zc1NwW +hYCy9D1f1r2gukI2jDWHdDwNMQPptyx0Kxr98SIlm9ms8jGT7GZ5l0SdkGe5GDMO +vq7FscqQZX/KkdFk3ye/ONffFS/ukjVRHu8971BNODcRbG0OBhEI2TQsIyxf/iir +taI23m8b9dclikqZx3FqoxfTHSN5T5KHntpH7KVIS00hrlavxkLLMn5oePRnkBWu +feSmpfbOBbnEpElLtJM5K8AjArGOx8nxrtw/KNjMiOsyfCim1r0ff1tnZGtHhHCq +ZCZKA5DsRXZVWasv1CIz -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem index d6a762b1b..2d7938a1b 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gafuCqw -hM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG8Sc6 -DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEboqi3 -8Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAVM7Cd -UPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMOwHn4 -Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABAoIBAEEGwy5M7mb/G79t -exP5CqHa/MsRMwFIxlai+z+usMG/fA5BYud/5gCh0MFKRKC63BghoNWUjCzA/1OQ -AW2hDXjvjTTMREIdCVekuzQYdfVreOliaqDAUqjtpP/nrZTKS6Sc8U2qKmJQFvKY -V2wPMrXXwQi9BOY9c4R2d36ml7iw6veYhPj0XHy3spJc3V6k7YmbApOQgWDqRwid -GGnnvDpdD0gAGAOxadCCpV+N9NK+AMSk03Qpcc2ki4THEn2e8Rs1/dH1k5nics/E -cG9VT9pZtvGXjEX7Wo06v0lXsTRWGWLKhHvzfhIb6uWnC/YUR+7Cv8JYRz+RZn98 -bv5lXokCgYEA1iRf3gH8qwvxQjLtaNKRyr8Bheo3tsOLh2tYriWaUTXqeKAd46zI -KcWAKtYWJQenVyFvnsMwKNFvFq/HgJGhKTOvZRwsrTb2wXgxcAleOBO+Ts4Vhb9J -xil8/WcWCKU+GPf8hQOkwVnhv4CxLscCXT2g9zxTpP/JCKmHaucQog8CgYEA0qUC -NBRMh55bjiHaqsSRvr45iwxzNzd8KK5A/xKyScEl+A4HWdqDpZ+8w9YC4GUQClvH -cHn5NpWfq9hrNAXPjBzVGXk+JqFcJM/yPImH+Vg8MupJprwVSHJ1mqQ/MPSpxxhy -iNaWeJX6bhPAgQSOAYbH22uNOGePmMQ8kk3v/OcCgYA7ZzPA3kQ9Hr76Yi5Bmcgf -ugSuJV73MB+QnVKoXH4GcTJt69zev5t3GvaG64SRGSJupTPVksfVSuPKI1DwdXWD -fHb3UW2DT2/8E1+DeNXOMIvmSHzn8TyB4BhwIxyVoWEsg/5k17HogQqCmSyNkV8y -hloUu4NojhwybvTFzvtqOQKBgDL0IVVRt7Vyk/kMrWVziUHXp/m/uDsaG9mHVUee -USxQIYwgcJzGo+OzgSjqIuX+7GNlEhheGO+gP/CEuGHsKeldrBquXl9f1vc8qf8E -0bR6KI20aL6BbrCIp3QR2QtRk6QKgOIi7mEa/moUMxPCc0thPAUSviVvv6eXiINn -gO7vAoGAcvwVy9gDcGTL+4mMjZ07jc/TmQPmOpqosXuDTQZITuovpzY0Nf9KPNJs -0dTuCaO+N5ZjttxIm6L9h/Ah0BN2Ir+JbplJ5uScWldz0MFJXm1wz7KJCRZQpVIO -6SJCLSmh4nZ0TIL8V0ABhaFVQK0qq2z/ASljIF6iC68DBEDfuzY= +MIIEowIBAAKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu8qaO +jRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS6ngw +OEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5WRqV +VDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbRwjx2 +afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj2uSt +n7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABAoIBAGuC6UU3NyvYqVc+ +AiVC+r1rdU/052Rj53ahQVPhNXGZDdGkXlkdTgVynk5s+sA65KTl+7ppyAL7vzWe +QBhRUXCXPxs+3yFwqWadmbAAa5PTjKPfwIb1YmCFxGm5CoWdziLbyxVTDHkiCbGA +QL8ZSu3wvN32ZyGZ4lO48+ZKi3B+uO5IRPN1YfJAa9g4q+Xt7nybS7hQnriZAn/v +5ff5StjalQ/241U5LUOrfgeUQIp2DxPiUwHiH/HH1KrcR4Vm4dQrZdOSqUHptoc9 +D7PorAJ0cB7m2FdqAUgEKh4ONy11spf1do79Yi2+XaacTgoCoX8E/1+icmfYvQV7 +rWIBasECgYEA3MIvMrOHgqSNQDgpmA5aq2HsjLgL+KBcQWIFAVhNZ8MOtTYdDIXV +ZKz0HJjaRi4dSvSGPxze9iRmvhydAupJANBJndTrgAoyRo/tLvGBbuYq9B8R+XM/ +gKBUx5/AwenM4JbSodVIzQIJX7lo+Or1H5TuxJ1Xm79rQMg1GOoMSmECgYEAxYxC +lIWpHrVKoktazeuNF9E56fB/EAAjsmpJE7PM+SFDvGWbRJR5Y7faiCySetCW4/LC +Urs2IxnkV7Mo+HgIRmp/K8BBIQ7UAC72mU/qlZeTtf0DH4NMSarPB9+pse8lcPrZ +dyr7q1o2TDd1Q+fFfNWU3KAi2RHtmqKwRECKLnMCgYBPYK9x7qXiLuLvXYJvP3IQ +v9Q7wQ3k51xk0ib0ldi3X6bRN9T4JMNXQO1BvyB1La2wvv3qgaoWHX6oC0fVvYJk +fYCK9P18+62aO7RQNdyRkMePIgDnji4eRQhXAzVfRH87nl+8eyGDPaE7P0Lkhi9/ +nKDCJ8VRpmGdWJ/nBnlG4QKBgQC9ZOuwWTT7K/SSBIzaP6rV2tIbZ2dqf7e5pgzJ +xugNMccvKHrkFTUMVYg+Zf1JohIIGQYVK0eL/5bcPfhZvzqvyAqEd535g63dPylN +c0EEin4jTJ9h5w+M0SYL9nNLFGxhFR7JEXyXm7XS/JiAsgS02lAN9blzQ6z5RGCa +DwZr4QKBgBJBG343JQqRNiQDolaiwzWdSmUxBjfEPzP+pvXJ8pazAUeBdugcm59v +2whpaffSBJzy4ixInTDmAMhIqvkLlc6GrlTPIur4Gts+hssAjsQN0wEPpG1z+ui4 +4KH/klS64465eK40dplWn1akjOb0KaQsjNwffyfzszvh5+8PkzgB -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf index f89437e43..1f0c2fad4 100644 --- a/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown make_before_break = yes } diff --git a/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf index f89437e43..1f0c2fad4 100644 --- a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown make_before_break = yes } diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf index f89437e43..1f0c2fad4 100644 --- a/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown make_before_break = yes } diff --git a/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf index 6f7f4c4cb..db3b53542 100644 --- a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown vici } diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf index e58af9efd..af5fa19ef 100644 --- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf index ecbad665c..16a0a8ca0 100644 --- a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf index 7c415b1ee..16a0a8ca0 100644 --- a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat index be78c5125..849d59a4e 100644 --- a/testing/tests/ikev2/rw-cert/evaltest.dat +++ b/testing/tests/ikev2/rw-cert/evaltest.dat @@ -12,4 +12,3 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 6a6d39899..520eb71ee 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 6a6d39899..520eb71ee 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 6a6d39899..520eb71ee 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf index 825af9dd0..29fa36133 100644 --- a/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve plugins { ipseckey { diff --git a/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf index 825af9dd0..0d3c7b781 100644 --- a/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve plugins { ipseckey { diff --git a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf index 644ac3d6a..fa853d435 100644 --- a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 dnskey pubkey unbound ipseckey gmp random nonce hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf index 32446b8c5..364b8c0fc 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf index 32446b8c5..364b8c0fc 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index b3d3510d0..a919d68ec 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index b3d3510d0..a919d68ec 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf index decdc7ecd..43e0ef3ca 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown } diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf index 75c8ad3f3..407683a43 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-md5 eap-tls eap-dynamic updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown plugins { eap-dynamic { diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf index 6cdad0a92..1479e3004 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { class_group = yes diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf index 6cdad0a92..1479e3004 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { class_group = yes diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf index 710c38b9e..3a8d5c20c 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf index 6de89b826..6d37fbb9d 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf index e48153bce..51eaacbe4 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown + load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf index e48153bce..51eaacbe4 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown + load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf index ccf3f2c86..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf index ccf3f2c86..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf index 5f9465d5c..48dcd3068 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no + plugins { eap-peap { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf index f97b28fb1..96b9ad0f7 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf index f97b28fb1..96b9ad0f7 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf index f2a9c378b..e8f76d443 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown multiple_authentication=no plugins { eap-peap { diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf index d2989a843..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf index d2989a843..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf index 3629454ed..968155146 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf index 414eebaa0..51614f716 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf index 710c38b9e..3a8d5c20c 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf index 1ea5962b9..195893a18 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf index 1ea5962b9..195893a18 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf index 6de89b826..6725cf830 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown + load = random nonce aes sha1 sha2 md5 curve25519 hmac stroke kernel-netlink socket-default eap-radius updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat index 960352c51..9614686c2 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat @@ -1,3 +1,6 @@ +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf index 1ea5962b9..e78434f8f 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf index 1ea5962b9..e78434f8f 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf index 6de89b826..6d37fbb9d 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf index a2c3b7154..e652c52d7 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf index 1716f912b..001583513 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf index 2fc9f94d3..6b0ab0dcc 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no plugins { diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf index 2fc9f94d3..6b0ab0dcc 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no plugins { diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf index 151017626..2261fc3e1 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf index 35b6f399e..8865bd52c 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf index 50f0389d3..84d571482 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf @@ -1,9 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } + libtls { suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 } diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf index fbf1617bc..783b4c844 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf index e1a0cee27..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf index e1a0cee27..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf index 3f7b266a4..242329b3b 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + plugins { eap-ttls { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf index d148c4e97..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf index d148c4e97..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf index 2d85e8c03..20afebf81 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + plugins { eap-ttls { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf index e1a0cee27..1d380c409 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf index e1a0cee27..1d380c409 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf index fbf1617bc..968155146 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf index 7ea4d88b3..9c9714a33 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf index 7ea4d88b3..3a52f0db6 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf index 7ea4d88b3..3a52f0db6 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf index 73b0885d0..54b68df4f 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown initiator_only = yes } diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf index 094e0effa..93f434598 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf index 094e0effa..93f434598 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf index d35cb993a..680785b23 100644 --- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes des md5 sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf index d35cb993a..6fab7121c 100644 --- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf index 665ef653b..c58fdbcd7 100644 --- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf index 924fd4757..b91dca901 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf index 924fd4757..669e29933 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf index 924fd4757..669e29933 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf index 2a5c62cc2..445b100cc 100644 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf index a7937edd2..75418b8a6 100644 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf index 044d73ac3..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf index 044d73ac3..93f434598 100644 --- a/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf index 044d73ac3..93f434598 100644 --- a/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf index 77edd576c..6145a963a 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac whitelist stroke kernel-netlink socket-default updown plugins { whitelist { enable = yes diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf index 8e685c862..dbcd7d844 100644 --- a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf index 8e685c862..8d89cd0bb 100644 --- a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf index 8e685c862..8d89cd0bb 100644 --- a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf index 8e685c862..8d89cd0bb 100644 --- a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf index 7014c369e..714f86868 100644 --- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf index 818f7cde3..6cb3ee291 100644 --- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf @@ -2,7 +2,7 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf index 818f7cde3..6cb3ee291 100644 --- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf @@ -2,7 +2,7 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf index a0f83449a..00380ccb4 100644 --- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1400 } diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf index a0f83449a..00380ccb4 100644 --- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1400 } diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf index a0f83449a..00380ccb4 100644 --- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1400 } diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf index a0f83449a..00380ccb4 100644 --- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1400 } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf index 5f29f522f..02280ac2f 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf index 1f39ade82..7a39a8ae4 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size=1024 } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf index 268b708df..0be55a717 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown install_routes = no } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf index a1a6e7494..812d52a95 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown install_routes=no } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf index 268b708df..0be55a717 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown install_routes = no } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf index a1a6e7494..812d52a95 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown install_routes=no } diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf index ec700392b..4fa0583ed 100644 --- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf index ec700392b..4fa0583ed 100644 --- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf index 5f29f522f..0835a1605 100644 --- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf index 5f29f522f..02280ac2f 100644 --- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf index 5f29f522f..02280ac2f 100644 --- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf index 82690710b..9c9714a33 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf index 82690710b..9c9714a33 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf index 82690710b..9c9714a33 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf index 699d8fdb1..955514391 100644 --- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf index 699d8fdb1..955514391 100644 --- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf index 699d8fdb1..955514391 100644 --- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf index 699d8fdb1..955514391 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf index 699d8fdb1..955514391 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf index 699d8fdb1..955514391 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf index ec700392b..da170cb15 100644 --- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf index bb9f8222c..4fa0583ed 100644 --- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random x509 curl nonce revocation addrblock hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf index ec700392b..4fa0583ed 100644 --- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf index 5f29f522f..02280ac2f 100644 --- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf index 5f29f522f..02280ac2f 100644 --- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 } diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf index 82690710b..3a52f0db6 100644 --- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf index 71180e05b..c8897b084 100644 --- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no + plugins { kernel-netlink { fwmark = !0x42 diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf index 71180e05b..c8897b084 100644 --- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no + plugins { kernel-netlink { fwmark = !0x42 diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat index e71456ef7..9365a8f44 100644 --- a/testing/tests/libipsec/net2net-3des/evaltest.dat +++ b/testing/tests/libipsec/net2net-3des/evaltest.dat @@ -2,8 +2,8 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES -sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES +moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES +sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf index f1d328fe5..141b4a3ed 100644 --- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf +++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=3des-sha1-modp1024! - esp=3des-sha1-modp1024! + ike=3des-sha1-modp2048! + esp=3des-sha1-modp2048! mobike=no conn net-net diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf index 19d636b3e..467da3ac9 100644 --- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf index 3bd31c61f..0108a04a3 100644 --- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf +++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=3des-sha1-modp1024! - esp=3des-sha1-modp1024! + ike=3des-sha1-modp2048! + esp=3des-sha1-modp2048! mobike=no conn net-net diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf index 19d636b3e..467da3ac9 100644 --- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf +++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf index 19d636b3e..fa7c0ece2 100644 --- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf index 19d636b3e..fa7c0ece2 100644 --- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf index c283474db..2beff1b76 100644 --- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 random nonce revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf index c283474db..2beff1b76 100644 --- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf +++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 random nonce revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf index 8acfbbffa..4ab9a617f 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown initiator_only = yes diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf index 8acfbbffa..4ab9a617f 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown initiator_only = yes diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf index 5f39be37e..d68b6e57a 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown + load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown plugins { openssl { diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf index 58914391c..1527867c7 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn home left=PH_IP_CAROL diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf index 150c63bc7..ed9410c04 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn home left=PH_IP_DAVE diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf index 5cf82c6b8..359029d02 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn rw left=PH_IP_MOON diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf index 3b065774f..24beedd82 100644 --- a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! mobike=no conn net-net diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf index 2b4406d75..f176bcd92 100644 --- a/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! mobike=no conn net-net diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf index dd2ceea60..c562e359c 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn home left=PH_IP_CAROL diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf index 4c6e11f16..62a62a463 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn home left=PH_IP_DAVE diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf index e67d9af9b..c5e5e61b0 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn rw left=PH_IP_MOON diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf index dd2ceea60..c562e359c 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn home left=PH_IP_CAROL diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf index 4c6e11f16..62a62a463 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn home left=PH_IP_DAVE diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf index e67d9af9b..c5e5e61b0 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-ecp256! + esp=aes128gcm16! conn rw left=PH_IP_MOON diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf index 7601113ab..fcb9d839f 100644 --- a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf @@ -8,7 +8,10 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - + ike=aes128-sha256-modp3072! + esp=aes128gcm16! + mobike=no + conn net-net left=PH_IP_MOON leftsubnet=10.1.0.0/16 diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf index 641c3d929..91d6ef5d8 100644 --- a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf @@ -8,6 +8,9 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-modp3072! + esp=aes128gcm16! + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf index 0296e1804..195710a7f 100644 --- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf @@ -8,6 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-modp3072! + esp=aes128gcm16! mobike=no conn net-net diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf index 6dcedd0e6..292fbeeb6 100644 --- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf @@ -6,8 +6,10 @@ conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 + ike=aes128-sha256-modp3072! + esp=aes128gcm16! mobike=no conn net-net diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index 5afc88f8a..45eef63d6 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index 5afc88f8a..da46bc2dc 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf index 5afc88f8a..fc5f418a6 100644 --- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf index 5afc88f8a..43363ba19 100644 --- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf index 5afc88f8a..fc5f418a6 100644 --- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf index 5afc88f8a..43363ba19 100644 --- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf index 5afc88f8a..dcbd76433 100644 --- a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf index 5afc88f8a..dcbd76433 100644 --- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf index 5afc88f8a..dcbd76433 100644 --- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf index 5afc88f8a..dcbd76433 100644 --- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf index 5afc88f8a..0ecc2f847 100644 --- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf index a627f72a1..5c541e4ab 100644 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf index a627f72a1..5c541e4ab 100644 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf index a627f72a1..5c541e4ab 100644 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf index db61be2ee..138386b6d 100644 --- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf index f8efdfff1..0ecc2f847 100644 --- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf index db61be2ee..138386b6d 100644 --- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/swanctl/config-payload/evaltest.dat b/testing/tests/swanctl/config-payload/evaltest.dat index 8115a9e53..3827b655b 100755 --- a/testing/tests/swanctl/config-payload/evaltest.dat +++ b/testing/tests/swanctl/config-payload/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.1 identity=carol@strongswan.org status=online::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.2 identity=dave@strongswan.org status=online::YES moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf index 7d7e5f9f5..1f367c2a0 100755 --- a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf index f1a76db62..3e7139535 100755 --- a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf index 7d7e5f9f5..1f367c2a0 100755 --- a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf index 184185bb3..c9e3c2b0c 100755 --- a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf index cd161bed0..ff6e7193e 100755 --- a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf index 08fa7113c..7819dbf14 100755 --- a/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf +++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf @@ -10,8 +10,8 @@ local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-curve25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-curve25519 diff --git a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat index bc8561103..7b88c6df9 100644 --- a/testing/tests/swanctl/dhcp-dynamic/evaltest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/evaltest.dat @@ -2,10 +2,10 @@ alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_.eq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_.eq=1::YES dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.1.0.50] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.50/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.1.0.51] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.51/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.1.0.50] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.50/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.1.0.51] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.51/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.1.0.50] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.50/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.1.0.51] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.51/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.1.0.50] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.50/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.1.0.51] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.1.0.51/32] moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf index 5b06b251f..dda67e0fc 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default resolve updown vici + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf index f1a76db62..3e7139535 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf index 5b06b251f..dda67e0fc 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default resolve updown vici + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf index 184185bb3..c9e3c2b0c 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf index 36e4e772a..1f1e0a652 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf index e19568b4b..8b62b8d5a 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/evaltest.dat b/testing/tests/swanctl/ip-pool-db/evaltest.dat index 5fa9dcac4..93983d8d3 100755 --- a/testing/tests/swanctl/ip-pool-db/evaltest.dat +++ b/testing/tests/swanctl/ip-pool-db/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES moon:: ipsec pool --status 2> /dev/null::big_pool.*10.3.0.1.*10.3.3.232.*static.*2::YES diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf index 44384caf4..11b1576e4 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf index f1a76db62..3e7139535 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf index 79bd9630b..be90bde25 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf index 184185bb3..c9e3c2b0c 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf index 1eab75a03..885d986c3 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown sqlite attr-sql vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf index 3975512d4..de225022b 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/evaltest.dat b/testing/tests/swanctl/ip-pool/evaltest.dat index ee0b9805e..0be5dcffb 100755 --- a/testing/tests/swanctl/ip-pool/evaltest.dat +++ b/testing/tests/swanctl/ip-pool/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32] moon:: swanctl --list-pools --raw 2> /dev/null::rw_pool.*base=10.3.0.0 size=14 online=2 offline=0::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.1 identity=carol@strongswan.org status=online::YES moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.2 identity=dave@strongswan.org status=online::YES diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf index f1a76db62..3e7139535 100755 --- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf index 184185bb3..c9e3c2b0c 100755 --- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf index cd161bed0..67e5a616a 100755 --- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf index 8d4dd6bdd..e70029609 100755 --- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/manual-prio/evaltest.dat b/testing/tests/swanctl/manual-prio/evaltest.dat index 8a0350563..25e81920b 100755 --- a/testing/tests/swanctl/manual-prio/evaltest.dat +++ b/testing/tests/swanctl/manual-prio/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES carol::ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES carol::ping -c 1 10.1.0.10::64 bytes from 10.1.0.10: icmp_.eq=1::YES dave:: ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf index 1821c1ca2..810dfe990 100755 --- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 priority = 2 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf index ecdd58591..c56a34cbe 100755 --- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf index 5fefdcdd2..0245fda08 100755 --- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { interface = eth0 policies_fwd_out = yes - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat index ebaad54d4..a520e5c2c 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -5,8 +5,8 @@ carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=228060123456001@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=228060123456001@strongswan.org remote-eap-id=228060123456001.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=228060123456001@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=228060123456001@strongswan.org remote-eap-id=228060123456001.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA.* successful::YES dave::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES dave::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf index bccbe5a51..7e2ee002e 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf index 944e78ee3..48653301b 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf @@ -23,10 +23,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf index bccbe5a51..7e2ee002e 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf index bca5ad39a..7aa09c296 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf @@ -23,10 +23,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf index 7f90207b2..40b0c5962 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf index 396eff5af..1b801e9ec 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf @@ -21,10 +21,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-cert/evaltest.dat b/testing/tests/swanctl/net2net-cert/evaltest.dat index 1d9bd6434..4c56d5299 100755 --- a/testing/tests/swanctl/net2net-cert/evaltest.dat +++ b/testing/tests/swanctl/net2net-cert/evaltest.dat @@ -1,5 +1,5 @@ -moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf index 9034651e7..bcc2742f7 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf index 2b9ddcf72..12cee0fc6 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-ed25519/description.txt b/testing/tests/swanctl/net2net-ed25519/description.txt new file mode 100755 index 000000000..07839e0ae --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>X.509 certificates</b> containing <b>Ed25519</b> keys. +Upon the successful establishment of the IPsec tunnel, the updown script automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b> +pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/swanctl/net2net-ed25519/evaltest.dat b/testing/tests/swanctl/net2net-ed25519/evaltest.dat new file mode 100755 index 000000000..ebbb8ae75 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/evaltest.dat @@ -0,0 +1,7 @@ +moon::cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with ED25519 successful::YES +sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ED25519 successful::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..d766a705c --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf @@ -0,0 +1,22 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + syslog { + auth { + default = 0 + } + daemon { + default = 1 + } + } +} diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/pkcs8/moonKey.pem b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/pkcs8/moonKey.pem new file mode 100644 index 000000000..491d36430 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/pkcs8/moonKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..bcc2742f7 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,33 @@ +connections { + + gw-gw { + local_addrs = 192.168.0.1 + remote_addrs = 192.168.0.2 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + id = sun.strongswan.org + } + children { + net-net { + local_ts = 10.1.0.0/16 + remote_ts = 10.2.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + mobike = no + reauth_time = 10800 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509/moonCert.pem new file mode 100644 index 000000000..e67b224b6 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509/moonCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA +4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw +FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww +BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX +8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA== +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..9c5a06945 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv +OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf new file mode 100755 index 000000000..d766a705c --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf @@ -0,0 +1,22 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random +} + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + syslog { + auth { + default = 0 + } + daemon { + default = 1 + } + } +} diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/pkcs8/sunKey.pem b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/pkcs8/sunKey.pem new file mode 100644 index 000000000..b83f62c13 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/pkcs8/sunKey.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0 +-----END PRIVATE KEY----- diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..12cee0fc6 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf @@ -0,0 +1,33 @@ +connections { + + gw-gw { + local_addrs = 192.168.0.2 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = sunCert.pem + id = sun.strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + net-net { + local_ts = 10.2.0.0/16 + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + rekey_time = 5400 + rekey_bytes = 500000000 + rekey_packets = 1000000 + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + mobike = no + reauth_time = 10800 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509/sunCert.pem b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509/sunCert.pem new file mode 100644 index 000000000..70af02017 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509/sunCert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT +EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5 +IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD +VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF +ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn +HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW +gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh +bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0 +cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG +AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq +8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem new file mode 100644 index 000000000..9c5a06945 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw +GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g +RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow +TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG +A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G +lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4 +MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv +OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ= +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/net2net-ed25519/posttest.dat b/testing/tests/swanctl/net2net-ed25519/posttest.dat new file mode 100755 index 000000000..8d47767a0 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/posttest.dat @@ -0,0 +1,7 @@ +moon::swanctl --terminate --ike gw-gw 2> /dev/null +moon::service charon stop 2> /dev/null +sun::service charon stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush +moon::rm /etc/swanctl/pkcs8/* +sun::rm /etc/swanctl/pkcs8/* diff --git a/testing/tests/swanctl/net2net-ed25519/pretest.dat b/testing/tests/swanctl/net2net-ed25519/pretest.dat new file mode 100755 index 000000000..f939b3ac4 --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/pretest.dat @@ -0,0 +1,9 @@ +moon::rm /etc/swanctl/rsa/moonKey.pem +sun::rm /etc/swanctl/rsa/sunKey.pem +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +moon::service charon start 2> /dev/null +sun::service charon start 2> /dev/null +moon::expect-connection gw-gw +sun::expect-connection gw-gw +moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-ed25519/test.conf b/testing/tests/swanctl/net2net-ed25519/test.conf new file mode 100755 index 000000000..07a3b247a --- /dev/null +++ b/testing/tests/swanctl/net2net-ed25519/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/net2net-gw/evaltest.dat b/testing/tests/swanctl/net2net-gw/evaltest.dat index 4908d80be..c104aae3e 100755 --- a/testing/tests/swanctl/net2net-gw/evaltest.dat +++ b/testing/tests/swanctl/net2net-gw/evaltest.dat @@ -1,5 +1,5 @@ -moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf index febe9faba..4f54f610a 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf index d450053e5..cdf6bcaf5 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf @@ -16,12 +16,12 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } gw-sun { local { diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf index febe9faba..4f54f610a 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf index 348e5329f..404af8ed8 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.2.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf index febe9faba..4f54f610a 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf index 68e70be81..6f41f1f84 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-multicast/evaltest.dat b/testing/tests/swanctl/net2net-multicast/evaltest.dat index e29f312ef..6efa23a00 100644 --- a/testing/tests/swanctl/net2net-multicast/evaltest.dat +++ b/testing/tests/swanctl/net2net-multicast/evaltest.dat @@ -2,8 +2,8 @@ alice::traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES bob:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES moon:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES sun:: traceroute -p 5353 -w 1 -q 1 -m 1 224.0.0.251::traceroute::YES -moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16 224.0.0.251/32] remote-ts=\[10.2.0.0/16 224.0.0.251/32]::YES -sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16 224.0.0.251/32] remote-ts=\[10.1.0.0/16 224.0.0.251/32]::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16 224.0.0.251/32] remote-ts=\[10.2.0.0/16 224.0.0.251/32]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16 224.0.0.251/32] remote-ts=\[10.1.0.0/16 224.0.0.251/32]::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES alice::tcpdump::IP bob.strongswan.org.*224.0.0.251::YES diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf index bbd60d849..2ff6ac024 100644 --- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf index 89d616c35..b27593d75 100755 --- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf @@ -24,12 +24,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf index 48c4b8375..b119e8274 100644 --- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf index 68ba24a8b..4b578d019 100755 --- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf @@ -24,12 +24,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-route/evaltest.dat b/testing/tests/swanctl/net2net-route/evaltest.dat index a500b2996..5a9537141 100755 --- a/testing/tests/swanctl/net2net-route/evaltest.dat +++ b/testing/tests/swanctl/net2net-route/evaltest.dat @@ -1,7 +1,7 @@ moon::swanctl --list-pols --raw 2> /dev/null::net-net.*mode=TUNNEL local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES moon::cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[icmp/8] === 10.2.0.10/32\[icmp/8]::YES -moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf index 7d7e5f9f5..9d7fa51d4 100755 --- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf index 3de6edcb6..2e1b76502 100755 --- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = trap updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf index 7d7e5f9f5..4ca179a5f 100755 --- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf index 5a9cd1308..3a523358d 100755 --- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = none updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat index 1d9bd6434..4c56d5299 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/evaltest.dat @@ -1,5 +1,5 @@ -moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf index 5b67bf37e..f102eeeae 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf index 9034651e7..bcc2742f7 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf index 5b67bf37e..f102eeeae 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf index 2b9ddcf72..12cee0fc6 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-start/evaltest.dat b/testing/tests/swanctl/net2net-start/evaltest.dat index 1d9bd6434..4c56d5299 100755 --- a/testing/tests/swanctl/net2net-start/evaltest.dat +++ b/testing/tests/swanctl/net2net-start/evaltest.dat @@ -1,5 +1,5 @@ -moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES -sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES +moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES +sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf index 7d7e5f9f5..1f367c2a0 100755 --- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf index 0713e7d25..a72957b20 100755 --- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = start updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf index 7d7e5f9f5..1f367c2a0 100755 --- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf index 5a9cd1308..3a523358d 100755 --- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = none updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-disabled/description.txt b/testing/tests/swanctl/ocsp-disabled/description.txt new file mode 100644 index 000000000..4875229ff --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/description.txt @@ -0,0 +1,10 @@ +By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on +both roadwarrior <b>carol</b> and gateway <b>moon</b>. +Client <b>carol</b>'s certificate includes an <b>OCSP URI</b> in an authority information +access extension pointing to <b>winnetou</b>. Gateway <b>moon</b>'s certificate doesn't +contain any such extensions but <b>carol</b>'s swanctl.conf contains a corresponding +authorities section. With the directive <b>charon.plugins.revocation.enable_ocsp = no</b> +in strongswan.conf all OCSP fetching is disabled and a fallback to CRL fetching occurs. +<p/> +<b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since +the status of both certificates is <b>good</b>. diff --git a/testing/tests/swanctl/ocsp-disabled/evaltest.dat b/testing/tests/swanctl/ocsp-disabled/evaltest.dat new file mode 100644 index 000000000..01fc2bc8b --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/evaltest.dat @@ -0,0 +1,8 @@ +moon:: cat /var/log/daemon.log::all OCSP validation disabled::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http://crl.strongswan.org/strongswan.crl::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES +carol::cat /var/log/daemon.log::all OCSP validation disabled::YES +carol::cat /var/log/daemon.log::fetching crl from.*http://crl.strongswan.org/strongswan.crl::YES +carol::cat /var/log/daemon.log::certificate status is good::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..e3eb4e36d --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf @@ -0,0 +1,16 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + auths = /usr/local/sbin/swanctl --load-authorities + } + plugins { + revocation { + enable_ocsp = no + } + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..2d7938a1b --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu8qaO +jRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS6ngw +OEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5WRqV +VDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbRwjx2 +afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj2uSt +n7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABAoIBAGuC6UU3NyvYqVc+ +AiVC+r1rdU/052Rj53ahQVPhNXGZDdGkXlkdTgVynk5s+sA65KTl+7ppyAL7vzWe +QBhRUXCXPxs+3yFwqWadmbAAa5PTjKPfwIb1YmCFxGm5CoWdziLbyxVTDHkiCbGA +QL8ZSu3wvN32ZyGZ4lO48+ZKi3B+uO5IRPN1YfJAa9g4q+Xt7nybS7hQnriZAn/v +5ff5StjalQ/241U5LUOrfgeUQIp2DxPiUwHiH/HH1KrcR4Vm4dQrZdOSqUHptoc9 +D7PorAJ0cB7m2FdqAUgEKh4ONy11spf1do79Yi2+XaacTgoCoX8E/1+icmfYvQV7 +rWIBasECgYEA3MIvMrOHgqSNQDgpmA5aq2HsjLgL+KBcQWIFAVhNZ8MOtTYdDIXV +ZKz0HJjaRi4dSvSGPxze9iRmvhydAupJANBJndTrgAoyRo/tLvGBbuYq9B8R+XM/ +gKBUx5/AwenM4JbSodVIzQIJX7lo+Or1H5TuxJ1Xm79rQMg1GOoMSmECgYEAxYxC +lIWpHrVKoktazeuNF9E56fB/EAAjsmpJE7PM+SFDvGWbRJR5Y7faiCySetCW4/LC +Urs2IxnkV7Mo+HgIRmp/K8BBIQ7UAC72mU/qlZeTtf0DH4NMSarPB9+pse8lcPrZ +dyr7q1o2TDd1Q+fFfNWU3KAi2RHtmqKwRECKLnMCgYBPYK9x7qXiLuLvXYJvP3IQ +v9Q7wQ3k51xk0ib0ldi3X6bRN9T4JMNXQO1BvyB1La2wvv3qgaoWHX6oC0fVvYJk +fYCK9P18+62aO7RQNdyRkMePIgDnji4eRQhXAzVfRH87nl+8eyGDPaE7P0Lkhi9/ +nKDCJ8VRpmGdWJ/nBnlG4QKBgQC9ZOuwWTT7K/SSBIzaP6rV2tIbZ2dqf7e5pgzJ +xugNMccvKHrkFTUMVYg+Zf1JohIIGQYVK0eL/5bcPfhZvzqvyAqEd535g63dPylN +c0EEin4jTJ9h5w+M0SYL9nNLFGxhFR7JEXyXm7XS/JiAsgS02lAN9blzQ6z5RGCa +DwZr4QKBgBJBG343JQqRNiQDolaiwzWdSmUxBjfEPzP+pvXJ8pazAUeBdugcm59v +2whpaffSBJzy4ixInTDmAMhIqvkLlc6GrlTPIur4Gts+hssAjsQN0wEPpG1z+ui4 +4KH/klS64465eK40dplWn1akjOb0KaQsjNwffyfzszvh5+8PkzgB +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..6fd22973f --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + revocation = strict + } + children { + home { + remote_ts = 10.1.0.0/16 + + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +authorities { + + strongswan { + cacert = strongswanCert.pem + ocsp_uris = http://ocsp.strongswan.org:8880 + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..d1e85db8a --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE3MDMyMDIwNTI0NFoXDTE5MDkwNjIwNTI0NFowVjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax +HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu +8qaOjRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS +6ngwOEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5 +WRqVVDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbR +wjx2afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj +2uStn7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFJCYo8BXG9mSEkp2ag3HiT74 +TT+4MG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry +b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry +b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCo +tFCDUTmBfPjeaDQVCv7uBausS0sZCw+Pw7zypqo3vyRm0R2Ds2eymfVI4/Zc1NwW +hYCy9D1f1r2gukI2jDWHdDwNMQPptyx0Kxr98SIlm9ms8jGT7GZ5l0SdkGe5GDMO +vq7FscqQZX/KkdFk3ye/ONffFS/ukjVRHu8971BNODcRbG0OBhEI2TQsIyxf/iir +taI23m8b9dclikqZx3FqoxfTHSN5T5KHntpH7KVIS00hrlavxkLLMn5oePRnkBWu +feSmpfbOBbnEpElLtJM5K8AjArGOx8nxrtw/KNjMiOsyfCim1r0ff1tnZGtHhHCq +ZCZKA5DsRXZVWasv1CIz +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..3912f5e07 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + plugins { + revocation { + enable_ocsp = no + } + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..710307195 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + revocation = strict + } + children { + net { + local_ts = 10.1.0.0/16 + + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/posttest.dat b/testing/tests/swanctl/ocsp-disabled/posttest.dat new file mode 100644 index 000000000..672f4188c --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/posttest.dat @@ -0,0 +1,3 @@ +carol::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null diff --git a/testing/tests/swanctl/ocsp-disabled/pretest.dat b/testing/tests/swanctl/ocsp-disabled/pretest.dat new file mode 100644 index 000000000..e6d60458d --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/pretest.dat @@ -0,0 +1,5 @@ +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home diff --git a/testing/tests/swanctl/ocsp-disabled/test.conf b/testing/tests/swanctl/ocsp-disabled/test.conf new file mode 100644 index 000000000..c5b3ecc43 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/ocsp-signer-cert/description.txt b/testing/tests/swanctl/ocsp-signer-cert/description.txt new file mode 100644 index 000000000..22496f1cb --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/description.txt @@ -0,0 +1,10 @@ +By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on +both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status +is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate +issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b> +extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b> +in an authority information access extension pointing to <b>winnetou</b>. +Therefore no special authorities section information is needed in moon's swanctl.conf. +<p> +<b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since +the status of both certificates is <b>good</b>. diff --git a/testing/tests/swanctl/ocsp-signer-cert/evaltest.dat b/testing/tests/swanctl/ocsp-signer-cert/evaltest.dat new file mode 100644 index 000000000..45972168d --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/evaltest.dat @@ -0,0 +1,11 @@ +carol::swanctl --list-authorities 2> /dev/null::ocsp_uris: http://ocsp.strongswan.org:8880::YES +moon:: cat /var/log/daemon.log::requesting ocsp status::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES +carol::cat /var/log/daemon.log::requesting ocsp status::YES +carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES +carol::cat /var/log/daemon.log::ocsp response is valid::YES +carol::cat /var/log/daemon.log::certificate status is good::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..9ea516013 --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + auths = /usr/local/sbin/swanctl --load-authorities + } +} diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..2d7938a1b --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu8qaO +jRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS6ngw +OEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5WRqV +VDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbRwjx2 +afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj2uSt +n7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABAoIBAGuC6UU3NyvYqVc+ +AiVC+r1rdU/052Rj53ahQVPhNXGZDdGkXlkdTgVynk5s+sA65KTl+7ppyAL7vzWe +QBhRUXCXPxs+3yFwqWadmbAAa5PTjKPfwIb1YmCFxGm5CoWdziLbyxVTDHkiCbGA +QL8ZSu3wvN32ZyGZ4lO48+ZKi3B+uO5IRPN1YfJAa9g4q+Xt7nybS7hQnriZAn/v +5ff5StjalQ/241U5LUOrfgeUQIp2DxPiUwHiH/HH1KrcR4Vm4dQrZdOSqUHptoc9 +D7PorAJ0cB7m2FdqAUgEKh4ONy11spf1do79Yi2+XaacTgoCoX8E/1+icmfYvQV7 +rWIBasECgYEA3MIvMrOHgqSNQDgpmA5aq2HsjLgL+KBcQWIFAVhNZ8MOtTYdDIXV +ZKz0HJjaRi4dSvSGPxze9iRmvhydAupJANBJndTrgAoyRo/tLvGBbuYq9B8R+XM/ +gKBUx5/AwenM4JbSodVIzQIJX7lo+Or1H5TuxJ1Xm79rQMg1GOoMSmECgYEAxYxC +lIWpHrVKoktazeuNF9E56fB/EAAjsmpJE7PM+SFDvGWbRJR5Y7faiCySetCW4/LC +Urs2IxnkV7Mo+HgIRmp/K8BBIQ7UAC72mU/qlZeTtf0DH4NMSarPB9+pse8lcPrZ +dyr7q1o2TDd1Q+fFfNWU3KAi2RHtmqKwRECKLnMCgYBPYK9x7qXiLuLvXYJvP3IQ +v9Q7wQ3k51xk0ib0ldi3X6bRN9T4JMNXQO1BvyB1La2wvv3qgaoWHX6oC0fVvYJk +fYCK9P18+62aO7RQNdyRkMePIgDnji4eRQhXAzVfRH87nl+8eyGDPaE7P0Lkhi9/ +nKDCJ8VRpmGdWJ/nBnlG4QKBgQC9ZOuwWTT7K/SSBIzaP6rV2tIbZ2dqf7e5pgzJ +xugNMccvKHrkFTUMVYg+Zf1JohIIGQYVK0eL/5bcPfhZvzqvyAqEd535g63dPylN +c0EEin4jTJ9h5w+M0SYL9nNLFGxhFR7JEXyXm7XS/JiAsgS02lAN9blzQ6z5RGCa +DwZr4QKBgBJBG343JQqRNiQDolaiwzWdSmUxBjfEPzP+pvXJ8pazAUeBdugcm59v +2whpaffSBJzy4ixInTDmAMhIqvkLlc6GrlTPIur4Gts+hssAjsQN0wEPpG1z+ui4 +4KH/klS64465eK40dplWn1akjOb0KaQsjNwffyfzszvh5+8PkzgB +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..6fd22973f --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + revocation = strict + } + children { + home { + remote_ts = 10.1.0.0/16 + + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +authorities { + + strongswan { + cacert = strongswanCert.pem + ocsp_uris = http://ocsp.strongswan.org:8880 + } +} diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..d1e85db8a --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgIBODANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTE3MDMyMDIwNTI0NFoXDTE5MDkwNjIwNTI0NFowVjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax +HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAqlph7feSim5jou6cNCWB/6E+ptfLuEwtpNv4oRa6wHGu +8qaOjRqaV/rsVJFPTMotGD9u0uHkI9j4hoRm6JgfKCrULQWHizE3mE8T5X9k2HNS +6ngwOEkxGZgV7p3kq/GW654rfmHdmbRlNNBZa6cO9H3o7iOYibVLHk4Yd93lC5/5 +WRqVVDPdGFMUT71kIRh4MZhpmKgxNL8tftDs+FeFw1j5HDFzlapurWniawlXJFbR +wjx2afYZ2wH1zFArQ2j8LvObEB4VSFrOy3B5J57hrslFP8609/jFeNuLOt0xc6Gj +2uStn7TIvjF4KpcZv++VQ+B0bTQoRN33NAM7sSzXkwIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFJCYo8BXG9mSEkp2ag3HiT74 +TT+4MG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry +b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry +b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCo +tFCDUTmBfPjeaDQVCv7uBausS0sZCw+Pw7zypqo3vyRm0R2Ds2eymfVI4/Zc1NwW +hYCy9D1f1r2gukI2jDWHdDwNMQPptyx0Kxr98SIlm9ms8jGT7GZ5l0SdkGe5GDMO +vq7FscqQZX/KkdFk3ye/ONffFS/ukjVRHu8971BNODcRbG0OBhEI2TQsIyxf/iir +taI23m8b9dclikqZx3FqoxfTHSN5T5KHntpH7KVIS00hrlavxkLLMn5oePRnkBWu +feSmpfbOBbnEpElLtJM5K8AjArGOx8nxrtw/KNjMiOsyfCim1r0ff1tnZGtHhHCq +ZCZKA5DsRXZVWasv1CIz +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..9ba617c0a --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } +} diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..710307195 --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + revocation = strict + } + children { + net { + local_ts = 10.1.0.0/16 + + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat new file mode 100644 index 000000000..672f4188c --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat @@ -0,0 +1,3 @@ +carol::swanctl --terminate --ike home +carol::service charon stop 2> /dev/null +moon::service charon stop 2> /dev/null diff --git a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat new file mode 100644 index 000000000..e6d60458d --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat @@ -0,0 +1,5 @@ +moon::service charon start 2> /dev/null +carol::service charon start 2> /dev/null +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home diff --git a/testing/tests/swanctl/ocsp-signer-cert/test.conf b/testing/tests/swanctl/ocsp-signer-cert/test.conf new file mode 100644 index 000000000..c5b3ecc43 --- /dev/null +++ b/testing/tests/swanctl/ocsp-signer-cert/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/protoport-dual/evaltest.dat b/testing/tests/swanctl/protoport-dual/evaltest.dat index 74ba593a3..b5eec4b31 100644 --- a/testing/tests/swanctl/protoport-dual/evaltest.dat +++ b/testing/tests/swanctl/protoport-dual/evaltest.dat @@ -1,7 +1,7 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp]] remote-ts=\[10.1.0.0/16\[icmp]].*ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32\[tcp]] remote-ts=\[10.1.0.0/16\[tcp/ssh]::YES -moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp]] remote-ts=\[192.168.0.100/32\[icmp]].*ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16\[tcp/ssh]] remote-ts=\[192.168.0.100/32\[tcp]]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp]] remote-ts=\[10.1.0.0/16\[icmp]].*ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=CURVE_25519.*local-ts=\[192.168.0.100/32\[tcp]] remote-ts=\[10.1.0.0/16\[tcp/ssh]::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*icmp.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp]] remote-ts=\[192.168.0.100/32\[icmp]].*ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=CURVE_25519.*local-ts=\[10.1.0.0/16\[tcp/ssh]] remote-ts=\[192.168.0.100/32\[tcp]]::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf index 5cf4d0cf1..383a24213 100644 --- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf index c33f05cba..e0cc29233 100755 --- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf @@ -19,17 +19,17 @@ connections { remote_ts = 10.1.0.0/16[icmp] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } ssh { local_ts = dynamic[tcp] remote_ts = 10.1.0.0/16[tcp/ssh] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf index 1065d9ab0..383a24213 100644 --- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf index 71d709958..7851f43ec 100755 --- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf @@ -18,7 +18,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } ssh { local_ts = 10.1.0.0/16[tcp/ssh] @@ -26,10 +26,10 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-range/evaltest.dat b/testing/tests/swanctl/protoport-range/evaltest.dat index 45bf76fab..c8d4c058e 100644 --- a/testing/tests/swanctl/protoport-range/evaltest.dat +++ b/testing/tests/swanctl/protoport-range/evaltest.dat @@ -1,7 +1,7 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_.eq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/8]] remote-ts=\[10.1.0.0/16\[icmp/8]].*icmp-rep.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/0]] remote-ts=\[10.1.0.0/16\[icmp/0]].*ftp-ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32\[tcp/32768-65535]] remote-ts=\[10.1.0.0/16\[tcp/21-22]::YES -moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/8]] remote-ts=\[192.168.0.100/32\[icmp/8]].*icmp-rep.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/0]] remote-ts=\[192.168.0.100/32\[icmp/0]].*ftp-ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/16\[tcp/21-22]] remote-ts=\[192.168.0.100/32\[tcp/32768-65535]]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/8]] remote-ts=\[10.1.0.0/16\[icmp/8]].*icmp-rep.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32\[icmp/0]] remote-ts=\[10.1.0.0/16\[icmp/0]].*ftp-ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=CURVE_25519.*local-ts=\[192.168.0.100/32\[tcp/32768-65535]] remote-ts=\[10.1.0.0/16\[tcp/21-22]::YES +moon::swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*icmp-req.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/8]] remote-ts=\[192.168.0.100/32\[icmp/8]].*icmp-rep.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16\[icmp/0]] remote-ts=\[192.168.0.100/32\[icmp/0]].*ftp-ssh.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=CURVE_25519.*local-ts=\[10.1.0.0/16\[tcp/21-22]] remote-ts=\[192.168.0.100/32\[tcp/32768-65535]]::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf index 5cf4d0cf1..383a24213 100644 --- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf index 441417274..a752c2660 100755 --- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf @@ -19,24 +19,24 @@ connections { remote_ts = 10.1.0.0/16[icmp/2048] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } icmp-rep { local_ts = dynamic[icmp/0] remote_ts = 10.1.0.0/16[icmp/0] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } ftp-ssh { local_ts = dynamic[tcp/32768-65535] remote_ts = 10.1.0.0/16[tcp/21-22] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf index 1065d9ab0..383a24213 100644 --- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf index c5a2a7150..3d140a335 100755 --- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf @@ -18,7 +18,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } icmp-rep { local_ts = 10.1.0.0/16[icmp/0] @@ -26,7 +26,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } ftp-ssh { local_ts = 10.1.0.0/16[tcp/21-22] @@ -34,10 +34,10 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/evaltest.dat b/testing/tests/swanctl/rw-cert/evaltest.dat index 51bf8c1ba..8a8a95f7e 100755 --- a/testing/tests/swanctl/rw-cert/evaltest.dat +++ b/testing/tests/swanctl/rw-cert/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf index 7d7e5f9f5..909bca0fc 100755 --- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf index 6cdc7bdf5..5484bc8a8 100755 --- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf index 7d7e5f9f5..909bca0fc 100755 --- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf index e65ec7a18..2c5c8f3ee 100755 --- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf @@ -18,10 +18,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf index 7d7e5f9f5..909bca0fc 100755 --- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf index a3c51c889..b938f0df5 100755 --- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/evaltest.dat b/testing/tests/swanctl/rw-dnssec/evaltest.dat index 6dafe78b6..73a2ff4b0 100644 --- a/testing/tests/swanctl/rw-dnssec/evaltest.dat +++ b/testing/tests/swanctl/rw-dnssec/evaltest.dat @@ -1,15 +1,15 @@ carol::cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES dave:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*moon.strongswan.org::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*carol.strongswan.org::YES moon:: cat /var/log/daemon.log::performing a DNS query for IPSECKEY RRs of.*dave.strongswan.org::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.3.0.1] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.3.0.2] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf index 7913dafc1..ec6625370 100644 --- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf index 2d14b32c5..edb9710e2 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf index 7913dafc1..ec6625370 100644 --- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf index ba511a496..b894dc7fb 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf index 9eafa0ded..dcca175db 100644 --- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey gmp hmac vici kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf index 33c417063..6b1a2c281 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat index 51bf8c1ba..8a8a95f7e 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf index 3b492f0d4..14afb43a1 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf index 229b6022c..173b7ff4a 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf index 3b492f0d4..14afb43a1 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf index adf9326c7..04042cd79 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf index 646ee0e4c..c090d6853 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey gmp curl eap-tls kernel-netlink socket-default updown vici + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf index ec6b06bbc..9070fc3d4 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf @@ -16,11 +16,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat index f0a25b166..a7f04b53a 100755 --- a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat +++ b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat @@ -2,10 +2,10 @@ carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES moon:: cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES moon:: cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf index 4b0e31118..d58694c38 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf index 401b9fa49..f01ee1270 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf index 4b0e31118..d58694c38 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf index b1e734def..ac16338e2 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf index 4b0e31118..d58694c38 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf index f8931756d..530abbd6e 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf @@ -16,11 +16,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat index e7bff2df1..f91649b3b 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat @@ -2,9 +2,9 @@ alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES -moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf index bbb6f6cc3..22b318472 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf index 12f62cf4e..61d81502a 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { remote_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-modp3072 + esp_proposals = aes128-sha256-x25519 } } version = 1 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf index c5c1fc3b8..a55b90a5d 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici + load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf index 71ae251a6..e7b5caaf8 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ swanctl { } charon { - load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici + load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf index 8356c0249..76a6c8970 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-modp3072 + esp_proposals = aes128-sha256-x25519 } } version = 1 - proposals = aes128-sha256-modp3072,3des-sha1-modp2048 + proposals = aes128-sha256-x25519,3des-sha1-modp2048 } rw-2 { @@ -40,6 +40,6 @@ connections { } } version = 1 - proposals = 3des-sha1-modp2048,aes128-sha256-modp3072 + proposals = 3des-sha1-modp2048,aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf index 00576a842..6bfef3d39 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random } charon { diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf index 83cfb4ee0..1d90adb5d 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random } charon { - load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici + load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici send_vendor_id = yes fragment_size = 1500 diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf index 98de2c921..d4e3ca2e5 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random } charon { diff --git a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat index 41595b60c..1a34a9248 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index 68df22ac8..335f38995 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf index 9bf759ee3..cfa7f7ed3 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index 68df22ac8..335f38995 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf index 1f2beefef..0a8499cf1 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index 68df22ac8..335f38995 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf index 7138b5d4a..109417276 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat index 097489da5..3eacc397d 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat @@ -4,10 +4,10 @@ alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE25519.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32] moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf index 8c0f03f0a..e539ea5f4 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf index dcfcd0b4e..35fbfdac8 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { remote_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp2048 + esp_proposals = aes128gcm128-x25519 } } version = 1 - proposals = aes128-sha256-modp2048 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf index df1424dde..02f6c1b36 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf index 8cd79ea20..cc6e93652 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { remote_ts = 10.1.0.17-10.1.0.20 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes192gcm128-modp3072 + esp_proposals = aes192gcm128-modp4096 } } version = 1 - proposals = aes192-sha384-modp3072 + proposals = aes192-sha384-modp4096 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf index 5f2190192..c42979965 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf index be1bf8afe..cd9c45504 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp2048 + esp_proposals = aes128gcm128-x25519 } } version = 1 - proposals = aes128-sha256-modp2048 + proposals = aes128-sha256-x25519 } rw-2 { @@ -37,11 +37,11 @@ connections { local_ts = 10.1.0.17-10.1.0.20 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes192gcm128-modp3072 + esp_proposals = aes192gcm128-modp4096 } } version = 1 - proposals = aes192-sha384-modp3072 + proposals = aes192-sha384-modp4096 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat index 1f9fb0e0f..c4d46e706 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat @@ -1,7 +1,7 @@ -carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES -dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES -moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] -moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32] +moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32] alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index c560a37f5..53973cf61 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf index 8b3863bb6..467a869c3 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index c560a37f5..53973cf61 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf index 83f3c0a7a..a9e866fe5 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index c560a37f5..5efaed621 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = random openssl } charon { - load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf index 9b4f7cea2..cb36d6ca0 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf @@ -14,11 +14,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat index 032cd6871..dd0d8ec08 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat +++ b/testing/tests/swanctl/shunt-policies-nat-rw/evaltest.dat @@ -4,10 +4,10 @@ alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[0.0.0.0/0]::YES -venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.20 local-port=4500 local-id=venus.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*local-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[0.0.0.0/0]::YES -sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice@strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES -sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.2/32]::YES +alice::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=4500 local-id=alice@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[0.0.0.0/0]::YES +venus::swanctl --list-sas --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=10.1.0.20 local-port=4500 local-id=venus.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-local=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[0.0.0.0/0]::YES +sun::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=alice@strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.3.0.1] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.1/32]::YES +sun::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::nat-t.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1.*remote-id=venus.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[10.3.0.2] child-sas.*nat-t.*state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[0.0.0.0/0] remote-ts=\[10.3.0.2/32]::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES moon::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.*: UDP-encap: ESP::YES alice::tcpdump::IP alice.strongswan.org > venus.strongswan.org: ICMP::YES diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf index 9622bb089..ee5b26120 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf index 373f8a76a..c5c67cf28 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } local-net { diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf index 38794af25..e5c0136d8 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf index 2f21d4a9b..1edbf338c 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf index 9622bb089..ee5b26120 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown start-scripts { creds = /usr/local/sbin/swanctl --load-creds diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf index bb9ca080a..9f925e905 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-modp3072 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-modp3072 + proposals = aes128-sha256-x25519 } local-net { diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini index ea9cbbee4..5ae53c47a 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongTNC/settings.ini @@ -16,4 +16,4 @@ Your Name: alice@strongswan.org [security] SECRET_KEY=strongSwan -ALLOWED_HOSTS=127.0.0.1,10.10.0.1,tnc.strongswan.org,tnc +ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat index 36c7cc6a2..385cc305a 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat @@ -16,7 +16,7 @@ alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db -alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan +alice::/usr/local/bin/init_tnc alice::service apache2 start alice::service charon start moon::service charon start diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini index ea9cbbee4..5ae53c47a 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongTNC/settings.ini @@ -16,4 +16,4 @@ Your Name: alice@strongswan.org [security] SECRET_KEY=strongSwan -ALLOWED_HOSTS=127.0.0.1,10.10.0.1,tnc.strongswan.org,tnc +ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat index 860a6c342..17951e811 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat @@ -10,7 +10,7 @@ alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db -alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan +alice::/usr/local/bin/init_tnc alice::rm /etc/swanctl/x509/aliceCert.pem alice::rm /etc/swanctl/rsa/aliceKey.pem alice::service charon start |