From 7c52c3f35cdbdff58443b994f2f33d13b4d81f57 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Tue, 23 Jun 2009 11:35:38 +0000 Subject: Updated to new upstream version. --- testing/tests/ikev1/esp-alg-strict/description.txt | 8 ++++---- testing/tests/ikev1/esp-alg-strict/evaltest.dat | 10 +++++----- testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf | 4 ++-- testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) (limited to 'testing/tests/ikev1/esp-alg-strict') diff --git a/testing/tests/ikev1/esp-alg-strict/description.txt b/testing/tests/ikev1/esp-alg-strict/description.txt index b4fc08253..149a1e013 100644 --- a/testing/tests/ikev1/esp-alg-strict/description.txt +++ b/testing/tests/ikev1/esp-alg-strict/description.txt @@ -1,7 +1,7 @@ -Roadwarrior carol proposes 3DES encryption (together with -SHA-1 authentication) in the first place and AES-128 encryption in +Roadwarrior carol proposes 3DES_CBC encryption (together with +HMAC_SHA1 authentication) in the first place and AES_CBC_128 encryption in second place for both the ISAKMP and IPsec SAs. Gateway moon defines -ike=aes-128-sha but will accept any other supported algorithm proposed +ike=aes128-sha1 but will accept any other supported algorithm proposed by the peer during Phase 1. But for ESP encryption moon enforces -esp=aes-128-sha1! by applying the strict flag '!'. +esp=aes128-sha1! by applying the strict flag '!'. diff --git a/testing/tests/ikev1/esp-alg-strict/evaltest.dat b/testing/tests/ikev1/esp-alg-strict/evaltest.dat index d5dd12d4e..912a8d830 100644 --- a/testing/tests/ikev1/esp-alg-strict/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-strict/evaltest.dat @@ -1,7 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES -moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES -moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES -carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES -carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES +moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES +moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES +moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES +carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES +carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf index 0ae6b0693..7e2de30cd 100755 --- a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=3des-sha,aes-128-sha - esp=3des-sha1,aes-128-sha1 + ike=3des-sha,aes128-sha1 + esp=3des-sha1,aes128-sha1 conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf index 5bf53b8bc..14f58ccc3 100755 --- a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha + ike=aes128-sha1 esp=aes128-sha1! conn rw -- cgit v1.2.3