From 1ac70afcc1f7d6d2738a34308810719b0976d29f Mon Sep 17 00:00:00 2001
From: Rene Mayrhofer <rene@mayrhofer.eu.org>
Date: Tue, 25 May 2010 19:01:36 +0000
Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.4.0)
---
.../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../ike/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../ike/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../rw_v1-net_v2/hosts/moon/etc/strongswan.conf | 2 +-
.../ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf | 2 +-
testing/tests/ike2/description.txt | 6 +
testing/tests/ike2/evaltest.dat | 8 ++
testing/tests/ike2/hosts/bob/etc/hosts | 70 ++++++++++
testing/tests/ike2/hosts/moon/etc/ipsec.conf | 25 ++++
testing/tests/ike2/hosts/moon/etc/nat_updown | 152 +++++++++++++++++++++
testing/tests/ike2/hosts/moon/etc/strongswan.conf | 6 +
testing/tests/ike2/hosts/sun/etc/ipsec.conf | 25 ++++
testing/tests/ike2/hosts/sun/etc/strongswan.conf | 6 +
testing/tests/ike2/posttest.dat | 5 +
testing/tests/ike2/pretest.dat | 9 ++
testing/tests/ike2/test.conf | 21 +++
.../tests/ikev1/alg-modp-subgroup/description.txt | 14 ++
testing/tests/ikev1/alg-modp-subgroup/evaltest.dat | 13 ++
.../alg-modp-subgroup/hosts/carol/etc/ipsec.conf | 25 ++++
.../alg-modp-subgroup/hosts/dave/etc/ipsec.conf | 25 ++++
.../alg-modp-subgroup/hosts/moon/etc/ipsec.conf | 24 ++++
testing/tests/ikev1/alg-modp-subgroup/posttest.dat | 6 +
testing/tests/ikev1/alg-modp-subgroup/pretest.dat | 9 ++
testing/tests/ikev1/alg-modp-subgroup/test.conf | 21 +++
.../hosts/moon/etc/ipsec.d/aacerts/aaCert.pem | 34 ++---
.../attr-cert/hosts/moon/etc/openac/aaKey.pem | 50 +++----
.../tests/ikev1/esp-alg-aes-gmac/description.txt | 4 +
testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat | 7 +
.../esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf | 26 ++++
.../esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf | 25 ++++
testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat | 4 +
testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat | 6 +
testing/tests/ikev1/esp-alg-aes-gmac/test.conf | 21 +++
.../ip-pool-db-push/hosts/moon/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev1/ip-pool/description.txt | 10 ++
testing/tests/ikev1/ip-pool/evaltest.dat | 26 ++++
.../tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf | 25 ++++
.../ikev1/ip-pool/hosts/carol/etc/strongswan.conf | 11 ++
.../tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf | 25 ++++
.../ikev1/ip-pool/hosts/dave/etc/strongswan.conf | 11 ++
.../tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf | 24 ++++
.../ikev1/ip-pool/hosts/moon/etc/strongswan.conf | 11 ++
testing/tests/ikev1/ip-pool/posttest.dat | 8 ++
testing/tests/ikev1/ip-pool/pretest.dat | 10 ++
testing/tests/ikev1/ip-pool/test.conf | 21 +++
.../tests/ikev1/ip-two-pools-mixed/description.txt | 9 ++
.../tests/ikev1/ip-two-pools-mixed/evaltest.dat | 17 +++
.../hosts/alice/etc/init.d/iptables | 78 +++++++++++
.../ip-two-pools-mixed/hosts/alice/etc/ipsec.conf | 24 ++++
.../hosts/alice/etc/strongswan.conf | 11 ++
.../ip-two-pools-mixed/hosts/carol/etc/ipsec.conf | 24 ++++
.../hosts/carol/etc/strongswan.conf | 11 ++
.../hosts/moon/etc/init.d/iptables | 91 ++++++++++++
.../ip-two-pools-mixed/hosts/moon/etc/ipsec.conf | 28 ++++
.../hosts/moon/etc/strongswan.conf | 17 +++
.../tests/ikev1/ip-two-pools-mixed/posttest.dat | 13 ++
testing/tests/ikev1/ip-two-pools-mixed/pretest.dat | 15 ++
testing/tests/ikev1/ip-two-pools-mixed/test.conf | 21 +++
testing/tests/ikev1/ip-two-pools/description.txt | 9 ++
testing/tests/ikev1/ip-two-pools/evaltest.dat | 18 +++
.../ip-two-pools/hosts/alice/etc/init.d/iptables | 78 +++++++++++
.../ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf | 24 ++++
.../ip-two-pools/hosts/alice/etc/strongswan.conf | 11 ++
.../ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf | 24 ++++
.../ip-two-pools/hosts/carol/etc/strongswan.conf | 11 ++
.../ip-two-pools/hosts/moon/etc/init.d/iptables | 91 ++++++++++++
.../ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf | 28 ++++
.../ip-two-pools/hosts/moon/etc/strongswan.conf | 11 ++
testing/tests/ikev1/ip-two-pools/posttest.dat | 12 ++
testing/tests/ikev1/ip-two-pools/pretest.dat | 12 ++
testing/tests/ikev1/ip-two-pools/test.conf | 21 +++
.../hosts/moon/etc/strongswan.conf | 2 +-
.../mode-config/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
testing/tests/ikev1/protoport-route/pretest.dat | 6 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../alg-3des-md5/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-3des-md5/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +-
.../tests/ikev2/alg-modp-subgroup/description.txt | 14 ++
testing/tests/ikev2/alg-modp-subgroup/evaltest.dat | 15 ++
.../alg-modp-subgroup/hosts/carol/etc/ipsec.conf | 24 ++++
.../hosts/carol/etc/strongswan.conf | 5 +
.../alg-modp-subgroup/hosts/dave/etc/ipsec.conf | 24 ++++
.../hosts/dave/etc/strongswan.conf | 5 +
.../alg-modp-subgroup/hosts/moon/etc/ipsec.conf | 23 ++++
.../hosts/moon/etc/strongswan.conf | 5 +
testing/tests/ikev2/alg-modp-subgroup/posttest.dat | 6 +
testing/tests/ikev2/alg-modp-subgroup/pretest.dat | 9 ++
testing/tests/ikev2/alg-modp-subgroup/test.conf | 21 +++
.../alg-sha256-96/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha256-96/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha256/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha256/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/moon/etc/strongswan.conf | 2 +-
.../any-interface/hosts/alice/etc/strongswan.conf | 2 +-
.../any-interface/hosts/bob/etc/strongswan.conf | 2 +-
.../any-interface/hosts/moon/etc/strongswan.conf | 2 +-
.../any-interface/hosts/sun/etc/strongswan.conf | 2 +-
.../ikev2/compress/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/compress/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../config-payload/hosts/carol/etc/strongswan.conf | 2 +-
.../config-payload/hosts/dave/etc/strongswan.conf | 2 +-
.../config-payload/hosts/moon/etc/strongswan.conf | 2 +-
.../crl-from-cache/hosts/carol/etc/strongswan.conf | 2 +-
.../crl-from-cache/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/crl-ldap/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/crl-ldap/hosts/moon/etc/strongswan.conf | 2 +-
.../crl-revoked/hosts/carol/etc/strongswan.conf | 2 +-
.../crl-revoked/hosts/moon/etc/strongswan.conf | 2 +-
.../crl-to-cache/hosts/carol/etc/strongswan.conf | 2 +-
.../crl-to-cache/hosts/moon/etc/strongswan.conf | 2 +-
.../default-keys/hosts/carol/etc/strongswan.conf | 2 +-
.../default-keys/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/dhcp-dynamic/description.txt | 8 ++
testing/tests/ikev2/dhcp-dynamic/evaltest.dat | 22 +++
.../ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf | 24 ++++
.../dhcp-dynamic/hosts/carol/etc/strongswan.conf | 5 +
.../ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf | 24 ++++
.../dhcp-dynamic/hosts/dave/etc/strongswan.conf | 5 +
.../ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf | 9 ++
.../dhcp-dynamic/hosts/moon/etc/init.d/iptables | 91 ++++++++++++
.../ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf | 23 ++++
.../dhcp-dynamic/hosts/moon/etc/strongswan.conf | 10 ++
.../ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf | 14 ++
.../dhcp-dynamic/hosts/venus/etc/dnsmasq.conf | 7 +
.../dhcp-dynamic/hosts/venus/etc/init.d/dhcpd | 24 ++++
testing/tests/ikev2/dhcp-dynamic/posttest.dat | 10 ++
testing/tests/ikev2/dhcp-dynamic/pretest.dat | 12 ++
testing/tests/ikev2/dhcp-dynamic/test.conf | 21 +++
.../ikev2/dhcp-static-client-id/description.txt | 11 ++
.../tests/ikev2/dhcp-static-client-id/evaltest.dat | 22 +++
.../hosts/carol/etc/ipsec.conf | 24 ++++
.../hosts/carol/etc/strongswan.conf | 5 +
.../hosts/dave/etc/ipsec.conf | 24 ++++
.../hosts/dave/etc/strongswan.conf | 5 +
.../hosts/moon/etc/dhcpd.conf | 9 ++
.../hosts/moon/etc/init.d/iptables | 91 ++++++++++++
.../hosts/moon/etc/ipsec.conf | 23 ++++
.../hosts/moon/etc/strongswan.conf | 10 ++
.../hosts/venus/etc/dhcpd.conf | 25 ++++
.../hosts/venus/etc/dnsmasq.conf | 9 ++
.../hosts/venus/etc/init.d/dhcpd | 24 ++++
.../tests/ikev2/dhcp-static-client-id/posttest.dat | 9 ++
.../tests/ikev2/dhcp-static-client-id/pretest.dat | 12 ++
.../tests/ikev2/dhcp-static-client-id/test.conf | 21 +++
.../tests/ikev2/dhcp-static-mac/description.txt | 12 ++
testing/tests/ikev2/dhcp-static-mac/evaltest.dat | 22 +++
.../dhcp-static-mac/hosts/carol/etc/ipsec.conf | 24 ++++
.../hosts/carol/etc/strongswan.conf | 5 +
.../dhcp-static-mac/hosts/dave/etc/ipsec.conf | 24 ++++
.../dhcp-static-mac/hosts/dave/etc/strongswan.conf | 5 +
.../dhcp-static-mac/hosts/moon/etc/dhcpd.conf | 9 ++
.../dhcp-static-mac/hosts/moon/etc/init.d/iptables | 91 ++++++++++++
.../dhcp-static-mac/hosts/moon/etc/ipsec.conf | 23 ++++
.../dhcp-static-mac/hosts/moon/etc/strongswan.conf | 11 ++
.../dhcp-static-mac/hosts/venus/etc/dhcpd.conf | 25 ++++
.../dhcp-static-mac/hosts/venus/etc/dnsmasq.conf | 9 ++
.../dhcp-static-mac/hosts/venus/etc/init.d/dhcpd | 24 ++++
testing/tests/ikev2/dhcp-static-mac/posttest.dat | 9 ++
testing/tests/ikev2/dhcp-static-mac/pretest.dat | 12 ++
testing/tests/ikev2/dhcp-static-mac/test.conf | 21 +++
.../double-nat-net/hosts/alice/etc/strongswan.conf | 2 +-
.../double-nat-net/hosts/bob/etc/strongswan.conf | 2 +-
.../double-nat/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/double-nat/hosts/bob/etc/strongswan.conf | 2 +-
.../dpd-clear/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/dpd-clear/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/dpd-hold/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/dpd-hold/hosts/moon/etc/strongswan.conf | 2 +-
.../dpd-restart/hosts/carol/etc/strongswan.conf | 2 +-
.../dpd-restart/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf | 2 +-
.../tests/ikev2/esp-alg-aes-gmac/description.txt | 4 +
testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat | 7 +
.../esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf | 25 ++++
.../hosts/carol/etc/strongswan.conf | 5 +
.../esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf | 24 ++++
.../hosts/moon/etc/strongswan.conf | 5 +
testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat | 4 +
testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat | 6 +
testing/tests/ikev2/esp-alg-aes-gmac/test.conf | 21 +++
.../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +-
testing/tests/ikev2/farp/description.txt | 6 +
testing/tests/ikev2/farp/evaltest.dat | 22 +++
.../tests/ikev2/farp/hosts/carol/etc/ipsec.conf | 24 ++++
.../ikev2/farp/hosts/carol/etc/strongswan.conf | 5 +
testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf | 24 ++++
.../ikev2/farp/hosts/dave/etc/strongswan.conf | 5 +
testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf | 30 ++++
.../ikev2/farp/hosts/moon/etc/strongswan.conf | 7 +
testing/tests/ikev2/farp/posttest.dat | 6 +
testing/tests/ikev2/farp/pretest.dat | 12 ++
testing/tests/ikev2/farp/test.conf | 21 +++
.../hosts/alice/etc/strongswan.conf | 2 +-
.../force-udp-encaps/hosts/sun/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-pool-db/hosts/moon/etc/strongswan.conf | 4 +-
.../ip-pool-wish/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-pool-wish/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-pool-wish/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/ip-pool/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/ip-pool/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/ip-pool/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 4 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../ip-two-pools-db/hosts/dave/etc/strongswan.conf | 2 +-
.../ip-two-pools-db/hosts/moon/etc/strongswan.conf | 4 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 4 +-
.../ip-two-pools/hosts/alice/etc/strongswan.conf | 2 +-
.../ip-two-pools/hosts/carol/etc/strongswan.conf | 2 +-
.../ip-two-pools/hosts/moon/etc/strongswan.conf | 2 +-
.../mobike-nat/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/mobike-nat/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../ikev2/mobike/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/mobike/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../carol/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../carol/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../hosts/dave/etc/strongswan.conf | 2 +-
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../hosts/dave/etc/strongswan.conf | 2 +-
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../multi-level-ca/hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../multi-level-ca/hosts/dave/etc/strongswan.conf | 2 +-
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../multi-level-ca/hosts/moon/etc/strongswan.conf | 2 +-
.../nat-one-rw/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf | 2 +-
.../nat-two-rw-psk/hosts/alice/etc/strongswan.conf | 2 +-
.../nat-two-rw-psk/hosts/sun/etc/strongswan.conf | 2 +-
.../nat-two-rw-psk/hosts/venus/etc/strongswan.conf | 2 +-
.../nat-two-rw/hosts/alice/etc/strongswan.conf | 2 +-
.../ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf | 2 +-
.../nat-two-rw/hosts/venus/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-pgp-v3/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-pgp-v3/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-pgp-v4/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-pgp-v4/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-psk/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-psk/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-rfc3779/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-rfc3779/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-start/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-start/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../ocsp-local-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 38 +++---
.../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +++----
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 ++---
.../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +++----
.../hosts/dave/etc/strongswan.conf | 2 +-
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../ocsp-revoked/hosts/carol/etc/strongswan.conf | 2 +-
.../ocsp-revoked/hosts/moon/etc/strongswan.conf | 2 +-
.../ocsp-root-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../ocsp-root-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../moon/etc/ipsec.d/cacerts/researchCert.pem | 18 +--
.../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 16 +--
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-route/hosts/moon/etc/strongswan.conf | 2 +-
.../reauth-early/hosts/carol/etc/strongswan.conf | 2 +-
.../reauth-early/hosts/moon/etc/strongswan.conf | 2 +-
.../reauth-late/hosts/carol/etc/strongswan.conf | 2 +-
.../reauth-late/hosts/moon/etc/strongswan.conf | 2 +-
.../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../rw-hash-and-url/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-hash-and-url/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-psk-fqdn/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-psk-fqdn/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-psk-fqdn/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-psk-ipv4/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-psk-no-idr/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-psk-no-idr/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-psk-no-idr/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../two-certs/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/two-certs/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/carol/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/dave/etc/strongswan.conf | 2 +-
.../virtual-ip/hosts/moon/etc/strongswan.conf | 2 +-
.../wildcards/hosts/carol/etc/strongswan.conf | 2 +-
.../ikev2/wildcards/hosts/dave/etc/strongswan.conf | 2 +-
.../ikev2/wildcards/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../host2host-ikev2/hosts/sun/etc/strongswan.conf | 2 +-
.../net2net-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-ikev2/hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf | 2 +-
.../ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-psk-ikev2/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-psk-ikev2/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-psk-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../transport-ikev2/hosts/moon/etc/strongswan.conf | 2 +-
.../transport-ikev2/hosts/sun/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +-
.../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +-
.../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/alice/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/venus/etc/strongswan.conf | 2 +-
.../medsrv-psk/hosts/alice/etc/strongswan.conf | 2 +-
.../medsrv-psk/hosts/bob/etc/strongswan.conf | 2 +-
.../medsrv-psk/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-aes-xcbc/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha384/hosts/moon/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/carol/etc/strongswan.conf | 2 +-
.../alg-sha512/hosts/moon/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +-
.../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/sun/etc/strongswan.conf | 2 +-
.../nat-two-rw/hosts/alice/etc/strongswan.conf | 2 +-
.../pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf | 2 +-
.../nat-two-rw/hosts/venus/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/moon/etc/strongswan.conf | 2 +-
.../net2net-route/hosts/sun/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../protoport-route/hosts/moon/etc/strongswan.conf | 2 +-
.../pfkey/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../pfkey/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../pfkey/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 4 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 4 +-
testing/tests/sql/ip-pool-db-restart/pretest.dat | 1 +
.../sql/ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/ip-pool-db/hosts/moon/etc/strongswan.conf | 4 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 4 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 4 +-
.../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../sql/net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
.../sql/net2net-psk/hosts/moon/etc/strongswan.conf | 2 +-
.../sql/net2net-psk/hosts/sun/etc/strongswan.conf | 2 +-
.../sql/rw-cert/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/rw-cert/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/rw-cert/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +-
.../rw-psk-ipv6/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf | 2 +-
.../hosts/carol/etc/strongswan.conf | 2 +-
.../hosts/dave/etc/strongswan.conf | 2 +-
.../hosts/moon/etc/strongswan.conf | 2 +-
.../rw-rsa-keyid/hosts/carol/etc/strongswan.conf | 2 +-
.../rw-rsa-keyid/hosts/dave/etc/strongswan.conf | 2 +-
.../rw-rsa-keyid/hosts/moon/etc/strongswan.conf | 2 +-
.../sql/rw-rsa/hosts/carol/etc/strongswan.conf | 2 +-
.../sql/rw-rsa/hosts/dave/etc/strongswan.conf | 2 +-
.../sql/rw-rsa/hosts/moon/etc/strongswan.conf | 2 +-
559 files changed, 4367 insertions(+), 1539 deletions(-)
create mode 100644 testing/tests/ike2/description.txt
create mode 100644 testing/tests/ike2/evaltest.dat
create mode 100644 testing/tests/ike2/hosts/bob/etc/hosts
create mode 100755 testing/tests/ike2/hosts/moon/etc/ipsec.conf
create mode 100755 testing/tests/ike2/hosts/moon/etc/nat_updown
create mode 100644 testing/tests/ike2/hosts/moon/etc/strongswan.conf
create mode 100755 testing/tests/ike2/hosts/sun/etc/ipsec.conf
create mode 100644 testing/tests/ike2/hosts/sun/etc/strongswan.conf
create mode 100644 testing/tests/ike2/posttest.dat
create mode 100644 testing/tests/ike2/pretest.dat
create mode 100644 testing/tests/ike2/test.conf
create mode 100644 testing/tests/ikev1/alg-modp-subgroup/description.txt
create mode 100644 testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
create mode 100755 testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
create mode 100755 testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
create mode 100755 testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/alg-modp-subgroup/posttest.dat
create mode 100644 testing/tests/ikev1/alg-modp-subgroup/pretest.dat
create mode 100644 testing/tests/ikev1/alg-modp-subgroup/test.conf
create mode 100644 testing/tests/ikev1/esp-alg-aes-gmac/description.txt
create mode 100644 testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
create mode 100755 testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
create mode 100755 testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
create mode 100644 testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
create mode 100644 testing/tests/ikev1/esp-alg-aes-gmac/test.conf
create mode 100644 testing/tests/ikev1/ip-pool/description.txt
create mode 100644 testing/tests/ikev1/ip-pool/evaltest.dat
create mode 100755 testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
create mode 100755 testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev1/ip-pool/posttest.dat
create mode 100644 testing/tests/ikev1/ip-pool/pretest.dat
create mode 100644 testing/tests/ikev1/ip-pool/test.conf
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/description.txt
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
create mode 100755 testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
create mode 100755 testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
create mode 100755 testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
create mode 100755 testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
create mode 100644 testing/tests/ikev1/ip-two-pools-mixed/test.conf
create mode 100644 testing/tests/ikev1/ip-two-pools/description.txt
create mode 100644 testing/tests/ikev1/ip-two-pools/evaltest.dat
create mode 100755 testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
create mode 100755 testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
create mode 100755 testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
create mode 100755 testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev1/ip-two-pools/posttest.dat
create mode 100644 testing/tests/ikev1/ip-two-pools/pretest.dat
create mode 100644 testing/tests/ikev1/ip-two-pools/test.conf
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/description.txt
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
create mode 100755 testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/posttest.dat
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/pretest.dat
create mode 100644 testing/tests/ikev2/alg-modp-subgroup/test.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/description.txt
create mode 100644 testing/tests/ikev2/dhcp-dynamic/evaltest.dat
create mode 100755 testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
create mode 100755 testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
create mode 100755 testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
create mode 100644 testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
create mode 100755 testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
create mode 100644 testing/tests/ikev2/dhcp-dynamic/posttest.dat
create mode 100644 testing/tests/ikev2/dhcp-dynamic/pretest.dat
create mode 100644 testing/tests/ikev2/dhcp-dynamic/test.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/description.txt
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
create mode 100755 testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
create mode 100755 testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
create mode 100755 testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
create mode 100755 testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/posttest.dat
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/pretest.dat
create mode 100644 testing/tests/ikev2/dhcp-static-client-id/test.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/description.txt
create mode 100644 testing/tests/ikev2/dhcp-static-mac/evaltest.dat
create mode 100755 testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
create mode 100755 testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
create mode 100755 testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
create mode 100644 testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
create mode 100755 testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
create mode 100644 testing/tests/ikev2/dhcp-static-mac/posttest.dat
create mode 100644 testing/tests/ikev2/dhcp-static-mac/pretest.dat
create mode 100644 testing/tests/ikev2/dhcp-static-mac/test.conf
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/description.txt
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
create mode 100755 testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
create mode 100644 testing/tests/ikev2/esp-alg-aes-gmac/test.conf
create mode 100644 testing/tests/ikev2/farp/description.txt
create mode 100644 testing/tests/ikev2/farp/evaltest.dat
create mode 100755 testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
create mode 100755 testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
create mode 100644 testing/tests/ikev2/farp/posttest.dat
create mode 100644 testing/tests/ikev2/farp/pretest.dat
create mode 100644 testing/tests/ikev2/farp/test.conf
(limited to 'testing/tests')
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index 586a3dc5e..48b36cec7 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index 586a3dc5e..48b36cec7 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index b15a55fa5..0113aa780 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index ab6f08e2d..6fcefc56a 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index b15a55fa5..0113aa780 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
index 6f4ec2510..774042329 100644
--- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
libstrongswan {
diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
index ff3faf993..1f442a7dd 100644
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw
}
pluto {
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
index cf4893014..831790f1e 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw
}
pluto {
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ike2/description.txt b/testing/tests/ike2/description.txt
new file mode 100644
index 000000000..31d24cda6
--- /dev/null
+++ b/testing/tests/ike2/description.txt
@@ -0,0 +1,6 @@
+The router <b>moon</b> sets up a connection to gateway <b>sun</b> in order
+to reach the subnet hidden behind <b>sun</b>. The gateway <b>sun</b> assigns a
+virtual IP address to router <b>moon</b>. A special updown script on <b>moon</b>
+specified by <b>leftupdown=/etc/nat_updown</b> dynamically inserts a source NAT rule
+which maps the IP address of client <b>alice</b> to the virtual IP of <b>moon</b>.
+This allows <b>alice</b> to access client <b>bob</b> via the established IPsec tunnel.
diff --git a/testing/tests/ike2/evaltest.dat b/testing/tests/ike2/evaltest.dat
new file mode 100644
index 000000000..75d5ffbd3
--- /dev/null
+++ b/testing/tests/ike2/evaltest.dat
@@ -0,0 +1,8 @@
+moon::ipsec statusall::net-net.*ESTABLISHED::YES
+sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES
+bob::tcpdump::IP bob.strongswan.org > alice2.strongswan.org: ICMP::YES
diff --git a/testing/tests/ike2/hosts/bob/etc/hosts b/testing/tests/ike2/hosts/bob/etc/hosts
new file mode 100644
index 000000000..ee854da09
--- /dev/null
+++ b/testing/tests/ike2/hosts/bob/etc/hosts
@@ -0,0 +1,70 @@
+# /etc/hosts: This file describes a number of hostname-to-address
+# mappings for the TCP/IP subsystem. It is mostly
+# used at boot time, when no name servers are running.
+# On small systems, this file can be used instead of a
+# "named" name server. Just add the names, addresses
+# and any aliases to this file...
+#
+
+127.0.0.1 localhost
+
+192.168.0.254 uml0.strongswan.org uml0
+10.1.0.254 uml1.strongswan.org uml1
+10.2.0.254 uml1.strongswan.org uml2
+
+10.1.0.10 alice.strongswan.org alice
+10.1.0.20 venus.strongswan.org venus
+10.1.0.1 moon1.strongswan.org moon1
+192.168.0.1 moon.strongswan.org moon
+192.168.0.50 alice1.strongswan.org alice1
+192.168.0.100 carol.strongswan.org carol
+10.3.0.1 carol1.strongswan.org carol1
+192.168.0.150 winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
+192.168.0.200 dave.strongswan.org dave
+10.3.0.2 dave1.strongswan.org dave1
+192.168.0.2 sun.strongswan.org sun
+10.2.0.1 sun1.strongswan.org sun1
+10.2.0.10 bob.strongswan.org bob
+10.4.0.1 alice2.strongswan.org alice2
+
+# IPv6 versions of localhost and co
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+# IPv6 solicited-node multicast addresses
+ff02::1:ff00:1 ip6-mcast-1
+ff02::1:ff00:2 ip6-mcast-2
+ff02::1:ff00:10 ip6-mcast-10
+ff02::1:ff00:15 ip6-mcast-15
+ff02::1:ff00:20 ip6-mcast-20
+
+# IPv6 site-local addresses
+fec0::5 ip6-alice1.strongswan.org ip6-alice1
+fec1::10 ip6-alice.strongswan.org ip6-alice
+fec1::20 ip6-venus.strongswan.org ip6-venus
+fec1::1 ip6-moon1.strongswan.org ip6-moon1
+fec0::1 ip6-moon.strongswan.org ip6-moon
+fec0::10 ip6-carol.strongswan.org ip6-carol
+fec3::1 ip6-carol1.strongswan.org ip6-carol1
+fec0::15 ip6-winnetou.strongswan.org ip6-winnetou
+fec0::20 ip6-dave.strongswan.org ip6-dave
+fec3::2 ip6-dave1.strongswan.org ip6-dave1
+fec0::2 ip6-sun.strongswan.org ip6-sun
+fec2::1 ip6-sun1.strongswan.org ip6-sun1
+fec2::10 ip6-bob.strongswan.org ip6-bob
+
+# IPv6 link-local HW derived addresses
+fe80::fcfd:0aff:fe01:14 ip6-hw-venus.strongswan.org ip6-hw-venus
+fe80::fcfd:0aff:fe01:0a ip6-hw-alice.strongswan.org ip6-hw-alice
+fe80::fcfd:0aff:fe01:01 ip6-hw-moon1.strongswan.org ip6-hw-moon1
+fe80::fcfd:c0ff:fea8:01 ip6-hw-moon.strongswan.org ip6-hw-moon
+fe80::fcfd:c0ff:fea8:64 ip6-hw-carol.strongswan.org ip6-hw-carol
+fe80::fcfd:c0ff:fea8:96 ip6-hw-winnetou.strongswan.org ip6-hw-winnetou
+fe80::fcfd:c0ff:fea8:c8 ip6-hw-dave.strongswan.org ip6-hw-dave
+fe80::fcfd:c0ff:fea8:02 ip6-hw-sun.strongswan.org ip6-hw-sun
+fe80::fcfd:0aff:fe02:01 ip6-hw-sun1.strongswan.org ip6-hw-sun1
+fe80::fcfd:0aff:fe02:0a ip6-hw-bob.strongswan.org ip6-hw-bob
diff --git a/testing/tests/ike2/hosts/moon/etc/ipsec.conf b/testing/tests/ike2/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e43e0d785
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsourceip=%config
+ leftupdown=/etc/nat_updown
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ike2/hosts/moon/etc/nat_updown b/testing/tests/ike2/hosts/moon/etc/nat_updown
new file mode 100755
index 000000000..aab1df687
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/nat_updown
@@ -0,0 +1,152 @@
+#! /bin/sh
+# NAT updown script
+#
+# Copyright (C) 2010 Andreas Steffen <andreas.steffen@strongswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+
+# things that this script gets (from ipsec_pluto(8) man page)
+#
+# PLUTO_VERSION
+# indicates what version of this interface is being
+# used. This document describes version 1.1. This
+# is upwardly compatible with version 1.0.
+#
+# PLUTO_VERB
+# specifies the name of the operation to be performed
+# (prepare-host, prepare-client, up-host, up-client,
+# down-host, or down-client). If the address family
+# for security gateway to security gateway communica-
+# tions is IPv6, then a suffix of -v6 is added to the
+# verb.
+#
+# PLUTO_CONNECTION
+# is the name of the connection for which we are
+# routing.
+#
+# PLUTO_NEXT_HOP
+# is the next hop to which packets bound for the peer
+# must be sent.
+#
+# PLUTO_INTERFACE
+# is the name of the ipsec interface to be used.
+#
+# PLUTO_REQID
+# is the requid of the ESP policy
+#
+# PLUTO_ME
+# is the IP address of our host.
+#
+# PLUTO_MY_ID
+# is the ID of our host.
+#
+# PLUTO_MY_CLIENT
+# is the IP address / count of our client subnet. If
+# the client is just the host, this will be the
+# host's own IP address / max (where max is 32 for
+# IPv4 and 128 for IPv6).
+#
+# PLUTO_MY_CLIENT_NET
+# is the IP address of our client net. If the client
+# is just the host, this will be the host's own IP
+# address.
+#
+# PLUTO_MY_CLIENT_MASK
+# is the mask for our client net. If the client is
+# just the host, this will be 255.255.255.255.
+#
+# PLUTO_MY_SOURCEIP
+# if non-empty, then the source address for the route will be
+# set to this IP address.
+#
+# PLUTO_MY_PROTOCOL
+# is the IP protocol that will be transported.
+#
+# PLUTO_MY_PORT
+# is the UDP/TCP port to which the IPsec SA is
+# restricted on our side.
+#
+# PLUTO_PEER
+# is the IP address of our peer.
+#
+# PLUTO_PEER_ID
+# is the ID of our peer.
+#
+# PLUTO_PEER_CA
+# is the CA which issued the cert of our peer.
+#
+# PLUTO_PEER_CLIENT
+# is the IP address / count of the peer's client sub-
+# net. If the client is just the peer, this will be
+# the peer's own IP address / max (where max is 32
+# for IPv4 and 128 for IPv6).
+#
+# PLUTO_PEER_CLIENT_NET
+# is the IP address of the peer's client net. If the
+# client is just the peer, this will be the peer's
+# own IP address.
+#
+# PLUTO_PEER_CLIENT_MASK
+# is the mask for the peer's client net. If the
+# client is just the peer, this will be
+# 255.255.255.255.
+#
+# PLUTO_PEER_PROTOCOL
+# is the IP protocol that will be transported.
+#
+# PLUTO_PEER_PORT
+# is the UDP/TCP port to which the IPsec SA is
+# restricted on the peer side.
+#
+
+# define a minimum PATH environment in case it is not set
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin"
+export PATH
+
+# resolve octal escape sequences
+PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
+PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
+
+case "$PLUTO_VERB:$1" in
+up-host:)
+ # connection to me coming up
+ # If you are doing a custom version, firewall commands go here.
+ ;;
+down-host:)
+ # connection to me going down
+ # If you are doing a custom version, firewall commands go here.
+ ;;
+up-client:)
+ # connection to my client subnet coming up
+ # If you are doing a custom version, firewall commands go here.
+ iptables -A FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -A FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \
+ -s $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP
+ echo "inserted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2
+ ;;
+down-client:)
+ # connection to my client subnet going down
+ # If you are doing a custom version, firewall commands go here.
+ iptables -D FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -D FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \
+ -s $PLUTO_PEER_CLIENT -j ACCEPT
+ iptables -t nat -D POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+ -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP
+ echo "deleted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2
+ ;;
+*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
+ exit 1
+ ;;
+esac
diff --git a/testing/tests/ike2/hosts/moon/etc/strongswan.conf b/testing/tests/ike2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..161934454
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ike2/hosts/sun/etc/ipsec.conf b/testing/tests/ike2/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..9cede8d56
--- /dev/null
+++ b/testing/tests/ike2/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsourceip=10.4.0.0/24
+ auto=add
diff --git a/testing/tests/ike2/hosts/sun/etc/strongswan.conf b/testing/tests/ike2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..161934454
--- /dev/null
+++ b/testing/tests/ike2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ike2/posttest.dat b/testing/tests/ike2/posttest.dat
new file mode 100644
index 000000000..b121de27d
--- /dev/null
+++ b/testing/tests/ike2/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::conntrack -F
diff --git a/testing/tests/ike2/pretest.dat b/testing/tests/ike2/pretest.dat
new file mode 100644
index 000000000..abbca90d7
--- /dev/null
+++ b/testing/tests/ike2/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::conntrack -F
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
+moon::sleep 1
diff --git a/testing/tests/ike2/test.conf b/testing/tests/ike2/test.conf
new file mode 100644
index 000000000..1971a33ab
--- /dev/null
+++ b/testing/tests/ike2/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun bob"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/alg-modp-subgroup/description.txt b/testing/tests/ikev1/alg-modp-subgroup/description.txt
new file mode 100644
index 000000000..cb7d11720
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/description.txt
@@ -0,0 +1,14 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
+with <b>Prime Order Subgroups</b>.
+<p/>
+<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
+<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
+Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
+MODP_1024_160 and MODP_2048_256, respectively.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
new file mode 100644
index 000000000..0f71ba5f5
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
@@ -0,0 +1,13 @@
+moon::cat /var/log/auth.log::MODP_2048_224.*refused due to strict flag::YES
+moon::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1/MODP_1024_160::YES
+dave::ipsec statusall::IPsec SA established::YES
+dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..944524020
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160!
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..a9de84e91
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256!
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..424f78bb4
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160!
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/posttest.dat b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/alg-modp-subgroup/test.conf b/testing/tests/ikev1/alg-modp-subgroup/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
index 3c5c5d91d..61d1c34e2 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIBCzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDIxNzA4NDQzMFoXDTEwMDIxNjA4NDQzMFowZjELMAkGA1UE
+b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2Czo4Mds6Jz15DWop6ExWI
-wWt9zU8Xu//ow1F0Kf9a4DLjo8qO+km3gybByNQQv1LrZ1eq+82Gy4RYXU1FnhC6
-dc8aobDmUQkY/8uYXtUmevKF5QcbYciDLp01W1q0DONAlc/9wmvJWhvjs9itWOBC
-fAUcH3eUNvMgkc7hlQTqreZTH4zyJ6M54JibkTsyfVg/1yOT41zUU3b+vI/r9kNB
-CYcp2DrdhdxX6mEiSTyDA/OMlgvCa7kPinUL4FJtQOFBozCsGcD28ONLc8Abkggf
-NABXCclPVAXOTawJF3dRWcMhIlNLWxWMVRvEt5OkAEdy/mXGBvtVArmGnmA+8zcC
-AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFA+6
-5KwThPKc9Vxn0048uRThft1tMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
+dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
+p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
+d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
+SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
+s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
+AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
+LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
-b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEEBQADggEBAIeg
-CjgR2yIGSuyrFolvEM/qoT3j+LpQREDZbx9BKr3kGmbqF75clwfpysJ4FlXZZ2CR
-aH2GoPOZGXwsYc3poqGeeWSxo+fpt4XIGUc1eREXm1rKVMd+qb0u0PXuhq2+u1aY
-ZJDY0yqUU2/7AInXjzG7lI120W+K6tuTM/5UVI5EPpAFwUVlCxnMh4Sl4VkgZ2Hw
-YnO3/8SEHmHR03/GhOd5d8hD8a0AGHtdOPpZnUOR9PH5FszpQ/alUdn+NTdQ7O2v
-Q8jqPCeQSAAkJbBBRvGA4bD6KXt1k74fXXUofiKWpQUozlO1Cc978Kfl5/do5bov
-wTLSA/z7c8nVCVoZI9Y=
+b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
+atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
+u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
+aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
+wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
+G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
+8mcNXcKmqcyP2Tlnvbo=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
index 209b48f3a..250441ad0 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvYLOjgx2zonPXkNainoTFYjBa33NTxe7/+jDUXQp/1rgMuOj
-yo76SbeDJsHI1BC/UutnV6r7zYbLhFhdTUWeELp1zxqhsOZRCRj/y5he1SZ68oXl
-BxthyIMunTVbWrQM40CVz/3Ca8laG+Oz2K1Y4EJ8BRwfd5Q28yCRzuGVBOqt5lMf
-jPInozngmJuROzJ9WD/XI5PjXNRTdv68j+v2Q0EJhynYOt2F3FfqYSJJPIMD84yW
-C8JruQ+KdQvgUm1A4UGjMKwZwPbw40tzwBuSCB80AFcJyU9UBc5NrAkXd1FZwyEi
-U0tbFYxVG8S3k6QAR3L+ZcYG+1UCuYaeYD7zNwIDAQABAoIBAQCCGgsz+dqWcIWs
-cRD3gFcZsYkYAoWwhtrKFUIB6X3rkLfaN+16Yi3x7cpcES2OaPDwPCv2Q6warS+K
-7B8hrWmWkmvOgrn+eB+p3z+8xh5UttYxKTrSZjn7LhQSWU8eNf2jBfPTlqKi3Ni/
-zNLrLhaV3w7Fc0knDtmqj/GJ1dQ4SrUpME3sREpWbGSzjJ2UsR7iqQiDsYwWHzK2
-nWWwzrSmpObhDR3jiyOwBy/DEjXRC7h0fUL8eBghJvLWgFgifI5Z36FXa0FasxQr
-zKZnQdwuJHqQz7+sVjAmKtNd7x7RE5Ii0oQYiWDFr0OAwKD5UfMNydpcOVC/bV2n
-SKWmguoBAoGBAO73MTPP9ne4cfC7t4k2+F9hkb7mAjAbk9GbTyZyEKSDKH2bL02W
-G4kXdlkvZVgKhIDg8PCouRSQKv2IxubDrarFURb5KMJlyfBV1Q8JSxpVtxK69clq
-yIu/AtiiBE/n11MdmdoJLr6l2nNStJummj2jw5OyN8sdJarf83rCy+ITAoGBAMsF
-IfivZ+Tueavy0tGRb1qqKalIhwzLBRmWCna39bB9rK4eTNio5Oes95mC7t8mslmO
-18enKUTO87svWLzo8NVYIKSqg5B+kIN44hROErlV6HHPVd5vJzZFjH7SSfy5y8Ka
-wmsA1xiG6NEgEndc6F6uQ2YdaZAHWFO6CiTNpq7NAoGADXglb9QzAkCFO5p5F+Tf
-TxEC1A3G5ctII7JrXbFkOsGh0KKkoezqFGocI57GSZYeLd1/9zCrbftKUQwamftB
-mLSSg4b7wylVnpRX9AcEErHuJcIgBIBeWXIkyO0o7RAWVPsAJwgJeHmEvKdWwsc7
-PmoypeqPtoUoEF+bK7o7H70CgYAYlYaHlrX+AuK4766XsgTJ9dEVrrKr2enEL2cU
-+THHLXC7pO+pTMprQ4a4ECLc4tK2BZYblyJoMqdRA2q7dXm0W/eX+Q31cV4OjZTS
-4KFj0ANVxMWhKdSVvdZFhTFwaQ9DgXoJexCQ58VJjZiu25FH5dJDi0w9JKaNfPm9
-eym0AQKBgHhfqD9EXxazoP27NyZAFUSA3r4u06qFjbAEjbuJVAJNSuEu6Sht2uIg
-lCHpTPssDLHVSY0faQwY4vPqJZVg0k/rAu2VlvbJxYrdzXr8eTfPRJrhv/s/Tbro
-n1rmisBKov1P2Cu2e03a8+GDO3lpSZr9YNG/e7wggSbfAvqCoUDF
+MIIEowIBAAKCAQEArDQ1aDwWmStagi03N7ESJpJ0RIX5uXDb7bLnW9WZsOT1518l
+yOTME0gS9j/QZc4OZy2GMTGJM2CY24J1DBqkIfGnf0doP3TavOa9+UjjR1lOaUVy
+fQ+njXA1u+NVo6mft/oyi/rxiaygtCvjv45Tqyd3dzyvH4Fc7iDpjJEHTGnAHaR8
+7fgVmHsXA57ixUAm7kTu6srSGKPZbX5p1k0WDspI/aLuWV+ijFalL7pWLpmO4n91
+wbK9eleevQfbHnyxl5oHmfwDL6aE8NfvbFd/ASazt/O2SGqaaLHZNUQf3p1H32i4
+IQ0XUKbw4JtHWSSFZF4vo/S0JuKtvAVtnEq05QIDAQABAoIBAQCbfhUPhtp8+imi
+zANFFW2nSK0VxsgEi4T7MIU6Zjh+A3CLuF2c9gPUEUuV8W9SzeoxfmjieLFDpCDC
+bR0VjeTRBazR//+A9RoiYlP+CbO4FEr6QYwsovsPetf6TT9iJeMjtBb6UODTCP6f
+UdY3fOPN8zgrga87yorINw3MMJSfiI21zSzCkueOQloktBgih5Wueu8FDFUB2fVa
+uLTUa+wOhXUBPyF5OXLox5TxE6gBPkiUsnNXP8X/kHLPk2iBQmdxz+uwG/Pz6pS2
+JsmX2WzFJ0+Rj4cJpoa4Ev5uAx79kcXnQT3d5/HIwuh7ZEMKorb1m8w8lhAW4ARU
+ddjhLkWhAoGBAOCpDGfLwQHWVejOcjEwfWts0hHLdlNfZEgsLSex2k/U6Mk1TjCo
+tAHQOvmqxZDxypJEem3RPaWZh+gttTpHvGkS9fsvTpyARcDp0FXI40hwARPsnMbI
+0fDmpVfOOLZdQKMDg42TrZC/mipU68gFP/rYC7xalJs0pe0LL3ffsSC5AoGBAMQ5
+3V6nuucpL87I0fKg56z0/3lcRxI46KuIXhHSAjxNb76cQuxiK8s5TPCot3Unq6GQ
+R7Y+dYd1FVEh2i3Q7/Yh/BSeYiDcDf5aELCwY32O/OnSSoNTbgGR5FT+/SHJK5bg
+j/O5S7+dajqtC2JZJl8smOeB5c187bc4FU72+6eNAoGAZUiRSTI434Ur0ftQzBBa
+WtYClvctb0TwRwFzkhPCon8QO7YGfDVygebIz8pHq6L2ep7Yuy28Jy5icTA6Jf41
+WQGtWALp4/CIggJnZGVe4kdslPj1bUEYNQ0mucFFHCJKg7OP2YIcm8dlz3PdoJ2N
+TJ+eGtqTaK2BqK6ERfzZNDECgYBbVTOcYyWzgpAmB4LxE8PB1Sc0LadG7AYgERD3
+6m/v8XsZlVHxBKCtrrYJLf52IUjZonY+dUPvEKgjY0ZSHPYT8i2Ky02RTduVkAZE
+t1UXk/5UNvVHuwVw5Z8JkMXxe9k2GL/oCU8gmPxg4zpxRF1/3xosZ2G3C3b52LjS
+UFNB4QKBgDX2UmLgRHAXDsmksNZaMUSNk+xws0B1M/EDd9h7e79ilENkOPDLo5+E
+z22WPNrgzKEUz44FZZOsislfPE7ffgQcRTxtNWqoElwxuHLuy46jaReL7zJSDtpv
+wtn4YoOpH0DnC994nziTQif33FBF/2o8hWoq4vcXKNSMGTwGzi/a
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
new file mode 100644
index 000000000..bc9b7c760
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac!</b>
+in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
+the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
new file mode 100644
index 000000000..3ec271cf1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec statusall::rw.*IPsec SA established::YES
+carol::ipsec statusall::home.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+carol::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..69ef8d49d
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha384-modp2048!
+ esp=aes256gmac!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..41a583763
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha384-modp2048!
+ esp=aes256gmac!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/test.conf b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf
new file mode 100644
index 000000000..acb73b06f
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
index 5a444f19c..90eb30a9b 100644
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
@@ -4,7 +4,7 @@ pluto {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
index 5a444f19c..90eb30a9b 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -4,7 +4,7 @@ pluto {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev1/ip-pool/description.txt b/testing/tests/ikev1/ip-pool/description.txt
new file mode 100644
index 000000000..b3f584c57
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 Mode Config payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order.
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat
new file mode 100644
index 000000000..f67ab321b
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/evaltest.dat
@@ -0,0 +1,26 @@
+carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::ipsec status::home.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
+dave::ip addr list dev eth0::PH_IP_DAVE1::YES
+dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave::ipsec status::home.*IPsec SA established::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool::YES
+moon::cat /var/log/auth.log::peer requested virtual IP %any::YES
+moon::cat /var/log/auth.log::assigning virtual IP::YES
+moon::ipsec leases rw::2/15, 2 online::YES
+moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES
+moon::ipsec statusall::rw.*carol@strongswan.org.*erouted::YES
+moon::ipsec statusall::rw.*dave@strongswan.org.*erouted::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..0c770de9f
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..163c19516
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..ddedd7e7b
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/posttest.dat b/testing/tests/ikev1/ip-pool/posttest.dat
new file mode 100644
index 000000000..a68e84cbd
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+dave::ip addr del 10.3.0.2/32 dev eth0
diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/ip-pool/pretest.dat
new file mode 100644
index 000000000..014e80517
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1/ip-pool/test.conf b/testing/tests/ikev1/ip-pool/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/description.txt b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
new file mode 100644
index 000000000..3869ced0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
@@ -0,0 +1,9 @@
+The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
+Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
+<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
+addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
+to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from an SQLite-based pool
+named <b>intpool</b> [10.4.0.1..10.4.1.244] to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
+<p>
+Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and
+both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
new file mode 100644
index 000000000..f237ce53f
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
@@ -0,0 +1,17 @@
+carol::ipsec status::home.*IPsec SA established::YES
+alice::ipsec status::home.*IPsec SA established::YES
+moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
+moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon::ipsec leases ext::1/15, 1 online::YES
+moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
+moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
new file mode 100755
index 000000000..97b773645
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
@@ -0,0 +1,78 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow ESP
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MOBIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..e8077b22a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=%defaultroute
+ leftsourceip=%config
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON1
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..99a8c60ff
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..bb9d03acd
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+ iptables -A INPUT -i eth1 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # masquerade crl fetches to winnetou
+ iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e844ba989
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+
+conn int
+ left=PH_IP_MOON1
+ rightsourceip=%intpool
+ auto=add
+
+conn ext
+ left=PH_IP_MOON
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..90eb30a9b
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
+}
+
+libhydra {
+ plugins {
+ attr-sql {
+ database = sqlite:///etc/ipsec.d/ipsec.db
+ }
+ }
+}
+
+pool {
+ load = sqlite
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
new file mode 100644
index 000000000..74e3cf2c0
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
@@ -0,0 +1,13 @@
+carol::ipsec stop
+alice::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+alice::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+alice::ip addr del 10.4.0.1/32 dev eth0
+moon::ip route del 10.3.0.0/16 via PH_IP_MOON
+moon::ip route del 10.4.0.0/16 via PH_IP_MOON1
+moon::conntrack -F
+moon::ipsec pool --del intpool 2> /dev/null
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
new file mode 100644
index 000000000..21e28ce0c
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
@@ -0,0 +1,15 @@
+moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null
+moon::ip route add 10.3.0.0/16 via PH_IP_MOON
+moon::ip route add 10.4.0.0/16 via PH_IP_MOON1
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+moon::ipsec start
+alice::ipsec start
+carol::sleep 2
+carol::ipsec up home
+alice::ipsec up home
+alice::sleep 1
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/test.conf b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
new file mode 100644
index 000000000..329774c0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice carol"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/ip-two-pools/description.txt b/testing/tests/ikev1/ip-two-pools/description.txt
new file mode 100644
index 000000000..33a5187c5
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/description.txt
@@ -0,0 +1,9 @@
+The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
+Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
+<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
+addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
+to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from a simple pool defined
+by <b>rightsourceip=10.4.0.0/28</b> to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
+<p>
+Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and
+both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools/evaltest.dat b/testing/tests/ikev1/ip-two-pools/evaltest.dat
new file mode 100644
index 000000000..2f19a77ba
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/evaltest.dat
@@ -0,0 +1,18 @@
+carol::ipsec status::home.*IPsec SA established::YES
+alice::ipsec status::home.*IPsec SA established::YES
+moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
+moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon::ipsec leases ext::1/15, 1 online::YES
+moon::ipsec leases int::1/15, 1 online::YES
+moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
new file mode 100755
index 000000000..97b773645
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
@@ -0,0 +1,78 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow ESP
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MOBIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..e8077b22a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=%defaultroute
+ leftsourceip=%config
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON1
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..99a8c60ff
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..bb9d03acd
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+ iptables -A INPUT -i eth1 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+ iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # masquerade crl fetches to winnetou
+ iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..4771e26d6
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+ plutodebug=control
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%any
+
+conn int
+ left=PH_IP_MOON1
+ rightsourceip=10.4.0.0/28
+ auto=add
+
+conn ext
+ left=PH_IP_MOON
+ rightsourceip=10.3.0.0/28
+ auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/posttest.dat b/testing/tests/ikev1/ip-two-pools/posttest.dat
new file mode 100644
index 000000000..4474e5ade
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/posttest.dat
@@ -0,0 +1,12 @@
+alice::ipsec stop
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+alice::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+alice::ip addr del 10.4.0.1/32 dev eth0
+moon::ip route del 10.3.0.0/16 via 192.168.0.1
+moon::ip route del 10.4.0.0/16 via 10.1.0.1
+moon::conntrack -F
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools/pretest.dat b/testing/tests/ikev1/ip-two-pools/pretest.dat
new file mode 100644
index 000000000..8091a6ed2
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/pretest.dat
@@ -0,0 +1,12 @@
+moon::ip route add 10.3.0.0/16 via 192.168.0.1
+moon::ip route add 10.4.0.0/16 via 10.1.0.1
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+moon::ipsec start
+alice::ipsec start
+carol::sleep 2
+carol::ipsec up home
+alice::ipsec up home
+alice::sleep 1
diff --git a/testing/tests/ikev1/ip-two-pools/test.conf b/testing/tests/ikev1/ip-two-pools/test.conf
new file mode 100644
index 000000000..329774c0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice carol"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
index 83cdb0d28..21493adc3 100644
--- a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP6_VENUS
}
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
index 83cdb0d28..21493adc3 100644
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP6_VENUS
}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/protoport-route/pretest.dat b/testing/tests/ikev1/protoport-route/pretest.dat
index b1fc81827..d52aeaeb8 100644
--- a/testing/tests/ikev1/protoport-route/pretest.dat
+++ b/testing/tests/ikev1/protoport-route/pretest.dat
@@ -2,7 +2,7 @@ moon::/etc/init.d/iptables start 2> /dev/null
carol::/etc/init.d/iptables start 2> /dev/null
moon::ipsec start
carol::ipsec start
-carol::sleep 1
+carol::sleep 3
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname
-carol::ping -c 1 PH_IP_ALICE > /dev/null
-carol::sleep 2
+carol::ping -c 1 PH_IP_MOON1 > /dev/null
+carol::sleep 2
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/description.txt b/testing/tests/ikev2/alg-modp-subgroup/description.txt
new file mode 100644
index 000000000..cb7d11720
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/description.txt
@@ -0,0 +1,14 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
+with <b>Prime Order Subgroups</b>.
+<p/>
+<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
+<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
+Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
+MODP_1024_160 and MODP_2048_256, respectively.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
new file mode 100644
index 000000000..80df206bf
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
@@ -0,0 +1,15 @@
+carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
+dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..257923d02
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160!
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..9b5247973
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256!
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..2b66e3400
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160!
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/posttest.dat b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev2/alg-modp-subgroup/test.conf b/testing/tests/ikev2/alg-modp-subgroup/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
index 4ae78cec5..06304115b 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
index 4ae78cec5..06304115b 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
index 51810734d..223ed67a3 100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown attr
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index c466dc8cf..4890be7cc 100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index c466dc8cf..4890be7cc 100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
diff --git a/testing/tests/ikev2/dhcp-dynamic/description.txt b/testing/tests/ikev2/dhcp-dynamic/description.txt
new file mode 100644
index 000000000..b29a1de78
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/description.txt
@@ -0,0 +1,8 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned dynamically
+by <b>venus</b> from the pool 10.1.0.50..10.1.0.60 so that <b>carol</b> and <b>dave</b> become full members
+of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to the <b>farp</b> plugin
+through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b> who wants to ping
+<b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
new file mode 100644
index 000000000..b3814084f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+ option netbios-name-servers PH_IP_VENUS;
+
+ # dynamic address pool for visitors
+ range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow bootpc and bootps
+ iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+ iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
+
+ # allow broadcasts from eth1
+ iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ # log dropped packets
+ iptables -A INPUT -j LOG --log-prefix " IN: "
+ iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw
+ right=%any
+ rightsourceip=%dhcp
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..146c81f48
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ plugins {
+ dhcp {
+ server = 10.1.255.255
+ }
+ }
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..2176af702
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,14 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option domain-name "strongswan.org";
+ option domain-name-servers 10.1.0.20;
+ option netbios-name-servers 10.1.0.10;
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ next-server 10.1.0.20;
+
+ range 10.1.0.50 10.1.0.60;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..2d35dfd64
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,7 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+ need net
+ need logger
+}
+
+start() {
+ ebegin "Starting DHCP server"
+ start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DHCP server"
+ start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+ rm -f /var/state/dhcp/dhcpd.leases
+ touch /var/state/dhcp/dhcpd.leases
+ eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
new file mode 100644
index 000000000..1f5487596
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::cat /var/state/dhcp/dhcpd.leases
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.50
+alice::arp -d 10.1.0.51
diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-dynamic/test.conf b/testing/tests/ikev2/dhcp-dynamic/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dhcp-static-client-id/description.txt b/testing/tests/ikev2/dhcp-static-client-id/description.txt
new file mode 100644
index 000000000..d253a8865
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically
+by <b>venus</b> based on the IKEv2 peer identities <b>carol@strongswan.org</b> and <b>dave@strongswan.org</b>,
+respectively, included by the dhcp plugin as a <b>dhcp-client-identity</b> option in the DHCP request.
+<p/>
+With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
+become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
+the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
+who wants to ping <b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
new file mode 100644
index 000000000..8abd2416a
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+ option netbios-name-servers PH_IP_VENUS;
+
+ # dynamic address pool for visitors
+ range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow bootpc and bootps
+ iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+ iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
+
+ # allow broadcasts from eth1
+ iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ # log dropped packets
+ iptables -A INPUT -j LOG --log-prefix " IN: "
+ iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw
+ right=%any
+ rightsourceip=%dhcp
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..146c81f48
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ plugins {
+ dhcp {
+ server = 10.1.255.255
+ }
+ }
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..44ee681b6
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,25 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option domain-name "strongswan.org";
+ option domain-name-servers 10.1.0.20;
+ option netbios-name-servers 10.1.0.10;
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ next-server 10.1.0.20;
+
+ range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+ option dhcp-client-identifier "carol@strongswan.org";
+ fixed-address 10.1.0.30;
+}
+
+host dave {
+ option dhcp-client-identifier "dave@strongswan.org";
+ fixed-address 10.1.0.40;
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..5672236a0
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-host=id:carol@strongswan.org,10.1.0.30
+dhcp-host=id:dave@strongswan.org,10.1.0.40
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+ need net
+ need logger
+}
+
+start() {
+ ebegin "Starting DHCP server"
+ start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DHCP server"
+ start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+ rm -f /var/state/dhcp/dhcpd.leases
+ touch /var/state/dhcp/dhcpd.leases
+ eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
new file mode 100644
index 000000000..e1aadc618
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
@@ -0,0 +1,9 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-static-client-id/test.conf b/testing/tests/ikev2/dhcp-static-client-id/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dhcp-static-mac/description.txt b/testing/tests/ikev2/dhcp-static-mac/description.txt
new file mode 100644
index 000000000..ed7525c87
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/description.txt
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically
+by <b>venus</b> based on the user-defined MAC address derived by the <b>dhcp</b> plugin from a hash over
+the client identity. This deterministic MAC generation is activated with the strongswan.conf setting
+<b>charon.plugins.dhcp.identity_lease = yes</b>.
+<p/>
+With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
+become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
+the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
+who wants to ping <b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
new file mode 100644
index 000000000..8abd2416a
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+ option netbios-name-servers PH_IP_VENUS;
+
+ # dynamic address pool for visitors
+ range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow bootpc and bootps
+ iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+ iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
+
+ # allow broadcasts from eth1
+ iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ # log dropped packets
+ iptables -A INPUT -j LOG --log-prefix " IN: "
+ iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw
+ right=%any
+ rightsourceip=%dhcp
+ auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..40c3c2418
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ plugins {
+ dhcp {
+ server = 10.1.255.255
+ identity_lease = yes
+ }
+ }
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..20666f701
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,25 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+ option domain-name "strongswan.org";
+ option domain-name-servers 10.1.0.20;
+ option netbios-name-servers 10.1.0.10;
+ option routers 10.1.0.1;
+ option broadcast-address 10.1.255.255;
+ next-server 10.1.0.20;
+
+ range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+ hardware ethernet 7a:a7:8f:fc:db:3b;
+ fixed-address 10.1.0.30;
+}
+
+host dave {
+ hardware ethernet 7a:a7:35:78:bc:85;
+ fixed-address 10.1.0.40;
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..e3729081f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-host=7a:a7:8f:fc:db:3b,10.1.0.30
+dhcp-host=7a:a7:35:78:bc:85,10.1.0.40
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+ need net
+ need logger
+}
+
+start() {
+ ebegin "Starting DHCP server"
+ start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DHCP server"
+ start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+ rm -f /var/state/dhcp/dhcpd.leases
+ touch /var/state/dhcp/dhcpd.leases
+ eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
new file mode 100644
index 000000000..e1aadc618
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
@@ -0,0 +1,9 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-static-mac/test.conf b/testing/tests/ikev2/dhcp-static-mac/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
new file mode 100644
index 000000000..823ec253d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b>
+in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
+the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
new file mode 100644
index 000000000..534f6d452
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::NULL_AES_GMAC_256::YES
+carol::ipsec statusall::NULL_AES_GMAC_256::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..f3a266c7d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=yes
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes256-aesxcbc-modp2048!
+ esp=aes256gmac-modp2048!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..bbdb38301
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=yes
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ ike=aes256-aesxcbc-modp2048!
+ esp=aes256gmac-modp2048!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/test.conf b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf
new file mode 100644
index 000000000..acb73b06f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/farp/description.txt b/testing/tests/ikev2/farp/description.txt
new file mode 100644
index 000000000..04e1c10e5
--- /dev/null
+++ b/testing/tests/ikev2/farp/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The virtual addresses assigned to the clients by gateway <b>moon</b> belong to the
+subnet 10.1.0.0/16 hidden behind the gateway so that <b>carol</b> and <b>dave</b> become full members of
+this network. And this thanks to the <b>farp</b> plugin through which <b>moon</b> acts as a proxy
+for ARP requests e.g. from <b>alice</b> who wants to ping <b>carol</b> and <b>dave</b>.
diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat
new file mode 100644
index 000000000..d48812f47
--- /dev/null
+++ b/testing/tests/ikev2/farp/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw-carol.*INSTALLED::YES
+moon::ipsec status::rw-dave.*INSTALLED::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..19dd5d3e6
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,30 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw-carol
+ right=%any
+ rightid=carol@strongswan.org
+ rightsourceip=10.1.0.30
+ auto=add
+
+conn rw-dave
+ right=%any
+ rightid=dave@strongswan.org
+ rightsourceip=10.1.0.40
+ auto=add
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..4585d928a
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+}
diff --git a/testing/tests/ikev2/farp/posttest.dat b/testing/tests/ikev2/farp/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/farp/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat
new file mode 100644
index 000000000..709931e1b
--- /dev/null
+++ b/testing/tests/ikev2/farp/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/farp/test.conf b/testing/tests/ikev2/farp/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/farp/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
index b7c598fca..626bec3ed 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index b7c598fca..626bec3ed 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
index 1ce52a848..70d66b20b 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
index 1ce52a848..70d66b20b 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
index 3db5e8aef..908f85ac5 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
index 3db5e8aef..908f85ac5 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
index 77f09f216..79348686d 100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
keep_alive = 1d
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
index 87fa5b2e9..4e2fcf17b 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
index 87fa5b2e9..4e2fcf17b 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
index 5e93e0fe7..df11f5ea3 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
index 5e93e0fe7..df11f5ea3 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index cc2bb91d2..eef03e3b4 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index cc2bb91d2..eef03e3b4 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
index 6922ecc15..6609a2115 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
index af2bc1675..a7f7b99ec 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
index 921db4c51..8d2f57828 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
index 921db4c51..8d2f57828 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
index fa662875d..e4ef757fb 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
index fa662875d..e4ef757fb 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
index ac8f98b70..d77218b77 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
send_vendor_id = yes
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
index af2bc1675..a7f7b99ec 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index c77902caa..29132e757 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
index 6e9280e41..73d687a0c 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
install_routes=no
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index dd817a963..6420b3414 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index dd817a963..6420b3414 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
index 20d891cdc..f988d90b4 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
index 20d891cdc..f988d90b4 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 06480bae6..a442b244d 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index ab6f08e2d..6fcefc56a 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index dbb64dbb4..aa50403d8 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+ load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat
index 1d64321b5..b5108051c 100644
--- a/testing/tests/sql/ip-pool-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat
@@ -17,3 +17,4 @@ dave::ipsec start
carol::sleep 1
dave::ipsec up home
carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
index 9df154ee2..aed370ffa 100644
--- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve
}
diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
index 9df154ee2..aed370ffa 100644
--- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve
}
diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
}
-libstrongswan {
+libhydra {
plugins {
attr-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
libstrongswan {
diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
libstrongswan {
diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
libstrongswan {
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index c45b3ebd8..a5a7d2017 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2
+ load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index d892e54ad..52de80b19 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2
+ load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
}
--
cgit v1.2.3