diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-03-20 07:24:29 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-03-20 21:18:00 +0100 |
| commit | efc1b9846134349133a8b295840fb260c074d96b (patch) | |
| tree | 15d3d71f0a6f93c0271c375d3f1aac9d54431f53 | |
| parent | db1ab1cd9930fb4e86916591883d2f2ba9fad36c (diff) | |
| download | strongswan-efc1b9846134349133a8b295840fb260c074d96b.tar.bz2 strongswan-efc1b9846134349133a8b295840fb260c074d96b.tar.xz | |
Allow x25519 as an alias of the curve25519 KE algorithm
84 files changed, 172 insertions, 171 deletions
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 8ceff3beb..c44ed96a0 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -164,6 +164,7 @@ ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0 ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0 ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0 curve25519, DIFFIE_HELLMAN_GROUP, CURVE_25519, 0 +x25519, DIFFIE_HELLMAN_GROUP, CURVE_25519, 0 ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0 ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0 ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0 diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf index 28d19357f..c7218e4de 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm96-aesxcbc-curve25519! - esp=aes128ccm96-curve25519! + ike=aes128ccm96-aesxcbc-x25519! + esp=aes128ccm96-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf index c674ecc2f..fdffa0f25 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm12-aesxcbc-curve25519! - esp=aes128ccm12-curve25519! + ike=aes128ccm12-aesxcbc-x25519! + esp=aes128ccm12-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf index 165086150..b5aabdd38 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-curve25519! - esp=aes128ctr-aesxcbc-curve25519! + ike=aes128ctr-aesxcbc-x25519! + esp=aes128ctr-aesxcbc-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf index 73afe9874..650b346eb 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-curve25519! - esp=aes128ctr-aesxcbc-curve25519! + ike=aes128ctr-aesxcbc-x25519! + esp=aes128ctr-aesxcbc-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index 47f8f7f7c..c6bc925e8 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm128-aesxcbc-curve25519! - esp=aes256gcm128-curve25519! + ike=aes256gcm128-aesxcbc-x25519! + esp=aes256gcm128-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 78ef62115..1597aae79 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm16-aesxcbc-curve25519! - esp=aes256gcm16-curve25519! + ike=aes256gcm16-aesxcbc-x25519! + esp=aes256gcm16-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index f71f7b347..93bafcec1 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-curve25519! - esp=aes128-aesxcbc-curve25519! + ike=aes128-aesxcbc-x25519! + esp=aes128-aesxcbc-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index a9ddd6a49..13a179882 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-curve25519! - esp=aes128-aesxcbc-curve25519! + ike=aes128-aesxcbc-x25519! + esp=aes128-aesxcbc-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf index e2557dc0b..6a1a1ad14 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256_96-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256_96-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf index c1d8d33ce..41919c876 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256_96-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256_96-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf index 1bae9405c..b3548db92 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf index 1a1d99adf..da8bff039 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf index ddeb092e0..e9122d4b1 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-curve25519! - esp=aes192-sha384-curve25519! + ike=aes192-sha384-x25519! + esp=aes192-sha384-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf index 804154834..e4b52732c 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-curve25519! - esp=aes192-sha384-curve25519! + ike=aes192-sha384-x25519! + esp=aes192-sha384-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index 95edc62a7..ebe0c277a 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-curve25519! - esp=aes256gmac-curve25519! + ike=aes256-aesxcbc-x25519! + esp=aes256gmac-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index c3042f2b3..1fdb1bd27 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-curve25519! - esp=aes256gmac-curve25519! + ike=aes256-aesxcbc-x25519! + esp=aes256gmac-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf index e367cbf4a..9991b0b24 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! esp=null-sha256! conn home diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf index 84cad9a81..2a2c4cb9c 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! esp=null-sha256! conn rw diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf index b97935ad5..3e7139535 100755 --- a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf index 71631b333..c9e3c2b0c 100755 --- a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf index b97935ad5..3e7139535 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf index 71631b333..c9e3c2b0c 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf index 82f41ca54..8b62b8d5a 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf index b97935ad5..3e7139535 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf index 71631b333..c9e3c2b0c 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf index d6f178a78..de225022b 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf index b97935ad5..3e7139535 100755 --- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf index 71631b333..c9e3c2b0c 100755 --- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf index bd65025d8..e70029609 100755 --- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf index 817977188..810dfe990 100755 --- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 priority = 2 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf index 28c8eaa72..c56a34cbe 100755 --- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf index 560627a55..0245fda08 100755 --- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { interface = eth0 policies_fwd_out = yes - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf index 648941fe3..48653301b 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf @@ -23,10 +23,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf index 902e5f03a..7aa09c296 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf @@ -23,10 +23,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf index e9c9d2637..1b801e9ec 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf @@ -21,10 +21,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf index 7f188e1c9..bcc2742f7 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf index d784bbd76..12cee0fc6 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf index 7f188e1c9..bcc2742f7 100755 --- a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf index d784bbd76..12cee0fc6 100755 --- a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf index ed6e6f4b5..cdf6bcaf5 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf @@ -16,12 +16,12 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } gw-sun { local { diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf index 317a45ddd..404af8ed8 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.2.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf index 391cbedcd..6f41f1f84 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf index 63a500e66..b27593d75 100755 --- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf @@ -24,12 +24,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf index 6832a23ca..4b578d019 100755 --- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf @@ -24,12 +24,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf index f595e14b7..2e1b76502 100755 --- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = trap updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf index 5615986d6..3a523358d 100755 --- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = none updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf index 7f188e1c9..bcc2742f7 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf index d784bbd76..12cee0fc6 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf index 5262e241f..a72957b20 100755 --- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = start updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf index 5615986d6..3a523358d 100755 --- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = none updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf index 4b19e9384..6fd22973f 100644 --- a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { home { remote_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf index 7593ab087..710307195 100755 --- a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { net { local_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf index 4b19e9384..6fd22973f 100644 --- a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { home { remote_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf index 7593ab087..710307195 100755 --- a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { net { local_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf index 6c348bf8f..e0cc29233 100755 --- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf @@ -19,17 +19,17 @@ connections { remote_ts = 10.1.0.0/16[icmp] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ssh { local_ts = dynamic[tcp] remote_ts = 10.1.0.0/16[tcp/ssh] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf index ba647f3ad..7851f43ec 100755 --- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf @@ -18,7 +18,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ssh { local_ts = 10.1.0.0/16[tcp/ssh] @@ -26,10 +26,10 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf index a4993e455..a752c2660 100755 --- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf @@ -19,24 +19,24 @@ connections { remote_ts = 10.1.0.0/16[icmp/2048] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } icmp-rep { local_ts = dynamic[icmp/0] remote_ts = 10.1.0.0/16[icmp/0] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ftp-ssh { local_ts = dynamic[tcp/32768-65535] remote_ts = 10.1.0.0/16[tcp/21-22] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf index 510a5cf0f..3d140a335 100755 --- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf @@ -18,7 +18,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } icmp-rep { local_ts = 10.1.0.0/16[icmp/0] @@ -26,7 +26,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ftp-ssh { local_ts = 10.1.0.0/16[tcp/21-22] @@ -34,10 +34,10 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf index 80c99d9f9..5484bc8a8 100755 --- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf index 484c3522c..2c5c8f3ee 100755 --- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf @@ -18,10 +18,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf index fa8a1fc49..b938f0df5 100755 --- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf index 75ffc28b8..edb9710e2 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf index a7d52b6ea..b894dc7fb 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf index dd075e5e9..6b1a2c281 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf index 07d35e491..173b7ff4a 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf index 4c1e07b5b..04042cd79 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf index 8e8260b66..9070fc3d4 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf @@ -16,11 +16,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf index 5bee1f5bf..f01ee1270 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf index 99c5b9e0a..ac16338e2 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf index 0f8e059b9..530abbd6e 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf @@ -16,11 +16,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf index e4e15bafb..61d81502a 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { remote_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-curve25519 + esp_proposals = aes128-sha256-x25519 } } version = 1 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf index 63d87c3f0..76a6c8970 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-curve25519 + esp_proposals = aes128-sha256-x25519 } } version = 1 - proposals = aes128-sha256-curve25519,3des-sha1-modp2048 + proposals = aes128-sha256-x25519,3des-sha1-modp2048 } rw-2 { @@ -40,6 +40,6 @@ connections { } } version = 1 - proposals = 3des-sha1-modp2048,aes128-sha256-curve25519 + proposals = 3des-sha1-modp2048,aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf index 870ae3ff7..cfa7f7ed3 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf index b3eecc718..0a8499cf1 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf index bd22f41c8..109417276 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf index fd2881064..35fbfdac8 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { remote_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 1 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf index 10dfc779e..cd9c45504 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 1 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } rw-2 { diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf index 5dbbd0b60..467a869c3 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf index 3fed61259..a9e866fe5 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf index a86ee74c7..cb36d6ca0 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf @@ -14,11 +14,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf index a7cba5b09..c5c67cf28 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } local-net { diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf index 1e94c2f45..1edbf338c 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf index a582f8474..9f925e905 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } local-net { |