diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-11-08 13:50:14 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-11-14 16:20:51 +0100 |
| commit | 99c03e9a110d1adfeab83274b40a5c78f63b4c5f (patch) | |
| tree | 27936f4dee37de65fca005437ab9d15edbfee137 /testing/tests/ikev2 | |
| parent | 549b325d9d4504efe9a189328638225e9fcaad3a (diff) | |
| download | strongswan-99c03e9a110d1adfeab83274b40a5c78f63b4c5f.tar.bz2 strongswan-99c03e9a110d1adfeab83274b40a5c78f63b4c5f.tar.xz | |
testing: make curve25519 the default DH group
Diffstat (limited to 'testing/tests/ikev2')
433 files changed, 514 insertions, 485 deletions
diff --git a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf index bae8628f3..6276b14ee 100644 --- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf index bae8628f3..6276b14ee 100644 --- a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf index bae8628f3..6276b14ee 100644 --- a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf index f585edfca..66ff24601 100644 --- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ccm/description.txt b/testing/tests/ikev2/alg-aes-ccm/description.txt index 28e38ca7f..569504aa0 100644 --- a/testing/tests/ikev2/alg-aes-ccm/description.txt +++ b/testing/tests/ikev2/alg-aes-ccm/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite -<b>AES_CCM_12_128</b> both for IKE and ESP by defining <b>ike=aes128ccm12-aesxcbc-modp2048</b> -(or alternatively <b>aes128ccm96</b>) and <b>esp=aes128ccm12-modp2048</b> in ipsec.conf, respectively. +<b>AES_CCM_12_128</b> both for IKE and ESP by defining <b>ike=aes128ccm12-aesxcbc-curve25519</b> +(or alternatively <b>aes128ccm96</b>) and <b>esp=aes128ccm12-curve25519</b> in ipsec.conf, respectively. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf index 03707f89f..28d19357f 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm96-aesxcbc-modp2048! - esp=aes128ccm96-modp2048! + ike=aes128ccm96-aesxcbc-curve25519! + esp=aes128ccm96-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf index f295f159a..eb329f28a 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf index d7ed92f7e..c674ecc2f 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm12-aesxcbc-modp2048! - esp=aes128ccm12-modp2048! + ike=aes128ccm12-aesxcbc-curve25519! + esp=aes128ccm12-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf index f295f159a..ffe6974db 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ccm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ctr/description.txt b/testing/tests/ikev2/alg-aes-ctr/description.txt index edb601b61..1ac6b4cd1 100644 --- a/testing/tests/ikev2/alg-aes-ctr/description.txt +++ b/testing/tests/ikev2/alg-aes-ctr/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite -<b>AES_CTR_128</b> both for IKE and ESP by defining <b>ike=aes128ctr-aesxcbc-modp2048</b> -and <b>esp=aes128ctr-aesxcbc-modp2048</b> in ipsec.conf, respectively. +<b>AES_CTR_128</b> both for IKE and ESP by defining <b>ike=aes128ctr-aesxcbc-curve25519</b> +and <b>esp=aes128ctr-aesxcbc-curve25519</b> in ipsec.conf, respectively. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf index 3be20c613..165086150 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-modp2048! - esp=aes128ctr-aesxcbc-modp2048! + ike=aes128ctr-aesxcbc-curve25519! + esp=aes128ctr-aesxcbc-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf index cae7e00ca..c6ef5d795 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf index 1cf16ee38..73afe9874 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-modp2048! - esp=aes128ctr-aesxcbc-modp2048! + ike=aes128ctr-aesxcbc-curve25519! + esp=aes128ctr-aesxcbc-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf index cae7e00ca..3ec3f0078 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ctr stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-gcm/description.txt b/testing/tests/ikev2/alg-aes-gcm/description.txt index 2afcecd68..ccf32fc3a 100644 --- a/testing/tests/ikev2/alg-aes-gcm/description.txt +++ b/testing/tests/ikev2/alg-aes-gcm/description.txt @@ -1,5 +1,5 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite -<b>AES_GCM_16_256</b> both for IKE and ESP by defining <b>ike=aes256gcm16-aesxcbc-modp2048</b> -(or alternatively <b>aes256gcm128</b>) and <b>esp=aes256gcm16-modp2048</b> in ipsec.conf, +<b>AES_GCM_16_256</b> both for IKE and ESP by defining <b>ike=aes256gcm16-aesxcbc-curve25519</b> +(or alternatively <b>aes256gcm128</b>) and <b>esp=aes256gcm16-curve25519</b> in ipsec.conf, respectively. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index 7a808ff65..47f8f7f7c 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm128-aesxcbc-modp2048! - esp=aes256gcm128-modp2048! + ike=aes256gcm128-aesxcbc-curve25519! + esp=aes256gcm128-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf index e396bb199..7cb4496f2 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 12a35cb8a..78ef62115 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm16-aesxcbc-modp2048! - esp=aes256gcm16-modp2048! + ike=aes256gcm16-aesxcbc-curve25519! + esp=aes256gcm16-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf index e396bb199..35d3c19a2 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc gcm stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/description.txt b/testing/tests/ikev2/alg-aes-xcbc/description.txt index c71d7493f..d69d3d0b6 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/description.txt +++ b/testing/tests/ikev2/alg-aes-xcbc/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-modp2048!</b> +<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index 4b8548404..42bf0764a 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index c9e9e92e5..f71f7b347 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-modp3072! - esp=aes128-aesxcbc-modp3072! + ike=aes128-aesxcbc-curve25519! + esp=aes128-aesxcbc-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index f585edfca..ce996478c 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 4e4a9324f..a9ddd6a49 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-modp3072! - esp=aes128-aesxcbc-modp3072! + ike=aes128-aesxcbc-curve25519! + esp=aes128-aesxcbc-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index f585edfca..69f188e3d 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index 1f0fd41a8..d69a7b808 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index 1f0fd41a8..a3c9999f7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha256-96/description.txt b/testing/tests/ikev2/alg-sha256-96/description.txt index e1d591625..9e5321eb6 100644 --- a/testing/tests/ikev2/alg-sha256-96/description.txt +++ b/testing/tests/ikev2/alg-sha256-96/description.txt @@ -1,5 +1,5 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite <b>AES_CBC_128 / HMAC_SHA2_256_96</b> which uses 96 bit instead of the standard 128 bit truncation, allowing compatibility with Linux kernels older than 2.6.33 -by defining <b>esp=aes128-sha256_96-modp2048!</b> in ipsec.conf. +by defining <b>esp=aes128-sha256_96-curve25519!</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat index c5ea03f4c..42e7b9335 100644 --- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf index 90a143678..e2557dc0b 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256_96-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256_96-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf index adc0ab9fb..a3837a4ce 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf index e0b2625c0..c1d8d33ce 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256_96-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256_96-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf index adc0ab9fb..55a6df151 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-sha256/description.txt b/testing/tests/ikev2/alg-sha256/description.txt index 826a8f10b..f7e53913c 100644 --- a/testing/tests/ikev2/alg-sha256/description.txt +++ b/testing/tests/ikev2/alg-sha256/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b> +<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat index 8bfcbc428..f47852b34 100644 --- a/testing/tests/ikev2/alg-sha256/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf index 6890ea458..1bae9405c 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf index 583111893..1a1d99adf 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-modp3072! - esp=aes128-sha256-modp3072! + ike=aes128-sha256-curve25519! + esp=aes128-sha256-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha384/description.txt b/testing/tests/ikev2/alg-sha384/description.txt index 2255fe8fb..f96ea5c4f 100644 --- a/testing/tests/ikev2/alg-sha384/description.txt +++ b/testing/tests/ikev2/alg-sha384/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b> +<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-curve25519!</b> in ipsec.conf. The same cipher suite is used for IKE. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat index 1148a182e..56d862e1e 100644 --- a/testing/tests/ikev2/alg-sha384/evaltest.dat +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf index e02d90b78..ddeb092e0 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-curve25519! + esp=aes192-sha384-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf index 990fce1d0..804154834 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-modp3072! - esp=aes192-sha384-modp3072! + ike=aes192-sha384-curve25519! + esp=aes192-sha384-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf index fed33db4c..d4085e6a4 100644 --- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf index 5d1c35cc2..0fbefa3fc 100644 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf index 5d1c35cc2..729db4526 100644 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf index de6bda2d1..b8817fe13 100644 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf index 269e1a5d9..448093f9f 100644 --- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf index a2bdf799f..dbcb7a368 100644 --- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf index ea1b90593..82118b410 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default cache_crls = yes } diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf index d0c3f8c49..a9c6e8d4e 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf index d0c3f8c49..a9c6e8d4e 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf index ea1b90593..82118b410 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default cache_crls = yes } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf index 1c7c270df..c4a0ff8bb 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp + plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf index 1c7c270df..c4a0ff8bb 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp + plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf index d96d1d74e..0883bf058 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp + plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf index 4ccce1f6a..af5fa19ef 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf index 4ccce1f6a..93f434598 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -1,7 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown - - dh_exponent_ansi_x9_42 = no + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt index 823ec253d..0d5eb1015 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt +++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only -ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b> +ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-curve25519!</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index 8f5b77cac..95edc62a7 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-aesxcbc-curve25519! + esp=aes256gmac-curve25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf index f585edfca..ce996478c 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index d41ba72e8..c3042f2b3 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256gmac-modp2048! + ike=aes256-aesxcbc-curve25519! + esp=aes256gmac-curve25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf index f585edfca..69f188e3d 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf index f585edfca..2c4f3fc21 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index d9888a15d..b80e9f781 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -3,9 +3,9 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 176::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 176::YES diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf index 1d8509115..e367cbf4a 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-curve25519! + esp=null-sha256! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf index 38f8bd619..84cad9a81 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp2048! - esp=null-sha1! + ike=aes128-sha256-curve25519! + esp=null-sha256! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf index 52629873e..043c3d79f 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! + ike=aes128-sha1-modp2048! esp=aes128-sha1_160! conn home diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf index f585edfca..3f1327387 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf index d4cc3fbaf..86819631b 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! + ike=aes128-sha1-modp2048! esp=aes128-sha1_160! conn rw diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf index f585edfca..be00a11eb 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf index eaaf8bd96..e34ca9da7 100644 --- a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS } diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf index 986ef32de..9cd6f687d 100644 --- a/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr forecast + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr forecast + syslog { daemon { net = 2 diff --git a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..373830110 --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation pubkey curve25519 gmp curl kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf index 1311e5b27..e3fc4d707 100644 --- a/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default connmark + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default connmark } diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf new file mode 100644 index 000000000..373830110 --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation pubkey curve25519 gmp curl kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..281da123f --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..281da123f --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf new file mode 100644 index 000000000..281da123f --- /dev/null +++ b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke +} diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf index 7b81476e9..0fbefa3fc 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf index 7d97dd229..c22405914 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf index 7d97dd229..c22405914 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf index 7b81476e9..f0b74a743 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf index b238646ac..1664d55aa 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf index 7b81476e9..729db4526 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf index b238646ac..1664d55aa 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf index da157a5ee..db9ab464b 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql plugins { attr-sql { diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf index f585edfca..952df5e67 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf index f585edfca..952df5e67 100644 --- a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf index af1bc1851..cabe702e5 100644 --- a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown lookip + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown lookip } diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf index 414eebaa0..5615f4491 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf index 414eebaa0..51614f716 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf index 710c38b9e..aab6993ce 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf index 91ded3733..fa36317e7 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf index 91ded3733..fa36317e7 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf index d0c3f8c49..2881b73c5 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf index 0431c5d1f..3038f522d 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce constraints x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp constraints x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf index 8d3610bd6..0b6834b16 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation constraints hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation constraints hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf index 924fd4757..f6cb39c78 100644 --- a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf index 924fd4757..f6cb39c78 100644 --- a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf index 924fd4757..f6cb39c78 100644 --- a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-ah/description.txt b/testing/tests/ikev2/net2net-ah/description.txt index a8ac7ee6b..7816aa275 100644 --- a/testing/tests/ikev2/net2net-ah/description.txt +++ b/testing/tests/ikev2/net2net-ah/description.txt @@ -1,7 +1,7 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. -With <b>ah=sha1-md5</b> gateway <b>moon</b> proposes the use of an -<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection -with its <b>ah=sha1!</b> configuration. +With <b>ah=sha256-sha384!</b> gateway <b>moon</b> proposes the use of <b>AH</b>. +Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its <b>ah=sha256!</b> +configuration. <p/> Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev2/net2net-ah/evaltest.dat b/testing/tests/ikev2/net2net-ah/evaltest.dat index 1cfc450e7..69a7165cf 100644 --- a/testing/tests/ikev2/net2net-ah/evaltest.dat +++ b/testing/tests/ikev2/net2net-ah/evaltest.dat @@ -1,5 +1,5 @@ -sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/HMAC_MD5_96/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: AH:HMAC_SHA2_256_128/HMAC_SHA2_384_192/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES @@ -7,5 +7,5 @@ sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES -moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES -sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES +moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES +sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf index 602119553..7af65a55d 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev2 - ike=aes128-sha1-modp1536! - ah=sha1-md5 + ike=aes128-sha256-modp3072! + ah=sha256-sha384! conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf index 3f1ee5991..82da6cb7a 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf @@ -5,8 +5,8 @@ config setup conn %default keyexchange=ikev2 - ike=aes128-sha1-modp1536! - ah=sha1! + ike=aes128-sha256-modp3072! + ah=sha256! conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf index 6e5c24063..2cb7f03e0 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no signature_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf index 6e5c24063..2cb7f03e0 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no signature_authentication = no } diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf index d5ac37937..b73dd8a5f 100644 --- a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown plugins { dnscert { diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf index d5ac37937..b73dd8a5f 100644 --- a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown plugins { dnscert { diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf index 58deb25f0..d4c8c5595 100644 --- a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound ipseckey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default stroke updown plugins { ipseckey { diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf index 58deb25f0..d4c8c5595 100644 --- a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound ipseckey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default stroke updown plugins { ipseckey { diff --git a/testing/tests/ikev2/net2net-esn/description.txt b/testing/tests/ikev2/net2net-esn/description.txt index da847b6a4..c9da6820b 100644 --- a/testing/tests/ikev2/net2net-esn/description.txt +++ b/testing/tests/ikev2/net2net-esn/description.txt @@ -1,7 +1,7 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. -With <b>esp=aes128-sha1-esn-noesn!</b> gateway <b>moon</b> proposes the use of +With <b>esp=aes128-sha256-esn-noesn!</b> gateway <b>moon</b> proposes the use of <b>Extended Sequence Numbers</b> but can also live without them. Gateway <b>sun</b> -defines <b>esp=aes128-sha1-esn!</b> and thus decides on the use of ESN. +defines <b>esp=aes128-sha256-esn!</b> and thus decides on the use of ESN. <p/> Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> 10 times. diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat index 63058eb88..534ace9e1 100644 --- a/testing/tests/ikev2/net2net-esn/evaltest.dat +++ b/testing/tests/ikev2/net2net-esn/evaltest.dat @@ -1,5 +1,5 @@ -sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES -sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES @@ -11,6 +11,6 @@ moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES -moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES -sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf index 3418e63c4..8cce0c957 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn-noesn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn-noesn! mobike=no conn net-net diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf index f0b6c906f..1fd5ddb03 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf @@ -9,8 +9,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha1-modp1536! - esp=aes128-sha1-esn! + ike=aes128-sha256-modp3072! + esp=aes128-sha256-esn! mobike=no conn net-net diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf index ddba8b199..02ae5affa 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf index 8cc4192c6..02280ac2f 100644 --- a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf @@ -1,8 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf index 8cc4192c6..02280ac2f 100644 --- a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf @@ -1,8 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 - dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf index db2698dbf..904a5fa6e 100644 --- a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default forecast multiple_authentication = no plugins { diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf index db2698dbf..904a5fa6e 100644 --- a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default forecast multiple_authentication = no plugins { diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf index 867949da4..49077484a 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf index e39c9222e..1dcbd6c27 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 3925d92a4..38df6a919 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index a4cfc6168..0b31f738c 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes } diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf index 8accff27c..a76d6017e 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf index 8accff27c..a76d6017e 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf index 8accff27c..7e5328760 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf index 8accff27c..7e5328760 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf index 92e758d35..4494daee7 100644 --- a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf index 92e758d35..4494daee7 100644 --- a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf index 5d04d3e99..3cf8c8807 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf index 5d04d3e99..3cf8c8807 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf index 5db4358d6..1188d686d 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf index 3cd90047f..4cc2e21c6 100644 --- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf index 3cd90047f..4cc2e21c6 100644 --- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf index f1b3fb77f..18ed6a4c4 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf index f1b3fb77f..18ed6a4c4 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf index e1efec866..045e3a082 100644 --- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf index e1efec866..045e3a082 100644 --- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown + load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown } diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf index ddba8b199..8d89cd0bb 100644 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf index 7014c369e..48e8fc6ff 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf index f89437e43..1f0c2fad4 100644 --- a/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown make_before_break = yes } diff --git a/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf index f89437e43..1f0c2fad4 100644 --- a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown make_before_break = yes } diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf index f89437e43..1f0c2fad4 100644 --- a/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown make_before_break = yes } diff --git a/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf index 6f7f4c4cb..db3b53542 100644 --- a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown vici } diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf index e58af9efd..af5fa19ef 100644 --- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf index ecbad665c..16a0a8ca0 100644 --- a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf index 7c415b1ee..16a0a8ca0 100644 --- a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat index be78c5125..849d59a4e 100644 --- a/testing/tests/ikev2/rw-cert/evaltest.dat +++ b/testing/tests/ikev2/rw-cert/evaltest.dat @@ -12,4 +12,3 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 6a6d39899..520eb71ee 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 6a6d39899..520eb71ee 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 6a6d39899..520eb71ee 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf index 825af9dd0..29fa36133 100644 --- a/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve plugins { ipseckey { diff --git a/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf index 825af9dd0..0d3c7b781 100644 --- a/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve plugins { ipseckey { diff --git a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf index 644ac3d6a..fa853d435 100644 --- a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 dnskey pubkey unbound ipseckey gmp random nonce hmac stroke kernel-netlink socket-default updown attr + load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf index 32446b8c5..364b8c0fc 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf index 32446b8c5..364b8c0fc 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index b3d3510d0..a919d68ec 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index b3d3510d0..a919d68ec 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf index decdc7ecd..43e0ef3ca 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown } diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf index 75c8ad3f3..407683a43 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-md5 eap-tls eap-dynamic updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown plugins { eap-dynamic { diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf index 6cdad0a92..1479e3004 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { class_group = yes diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf index 6cdad0a92..1479e3004 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { class_group = yes diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf index 2a5c62cc2..0250ce3b1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf index 710c38b9e..3a8d5c20c 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf index 6de89b826..6d37fbb9d 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf index c54efe568..f399dfbf1 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf index e48153bce..51eaacbe4 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown + load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf index e48153bce..51eaacbe4 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown + load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf index ccf3f2c86..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf index ccf3f2c86..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf index 5f9465d5c..48dcd3068 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no + plugins { eap-peap { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf index f97b28fb1..96b9ad0f7 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf index f97b28fb1..96b9ad0f7 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf index f2a9c378b..e8f76d443 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown multiple_authentication=no plugins { eap-peap { diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf index d2989a843..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf index d2989a843..c8c3f8562 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf index 3629454ed..968155146 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf index 414eebaa0..51614f716 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf index 710c38b9e..3a8d5c20c 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf index 1ea5962b9..195893a18 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf index 1ea5962b9..195893a18 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf index 6de89b826..6725cf830 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown + load = random nonce aes sha1 sha2 md5 curve25519 hmac stroke kernel-netlink socket-default eap-radius updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat index 960352c51..9614686c2 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat @@ -1,3 +1,6 @@ +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf index 1ea5962b9..e78434f8f 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf index 1ea5962b9..e78434f8f 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf index 6de89b826..6d37fbb9d 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf index a2c3b7154..e652c52d7 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf index 1716f912b..001583513 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf index 2fc9f94d3..6b0ab0dcc 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no plugins { diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf index 2fc9f94d3..6b0ab0dcc 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no plugins { diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf index 151017626..2261fc3e1 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf index 35b6f399e..8865bd52c 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf index 50f0389d3..84d571482 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf @@ -1,9 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } + libtls { suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 } diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf index fbf1617bc..783b4c844 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf index e1a0cee27..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf index e1a0cee27..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf index 3f7b266a4..242329b3b 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + plugins { eap-ttls { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf index d148c4e97..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf index d148c4e97..951002690 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf index 2d85e8c03..20afebf81 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + plugins { eap-ttls { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf index e1a0cee27..1d380c409 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf index e1a0cee27..1d380c409 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf index fbf1617bc..968155146 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf @@ -1,8 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf index 7ea4d88b3..9c9714a33 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf index 7ea4d88b3..3a52f0db6 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf index 7ea4d88b3..3a52f0db6 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf index 73b0885d0..54b68df4f 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown initiator_only = yes } diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf index 094e0effa..93f434598 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf index 094e0effa..93f434598 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf index d35cb993a..680785b23 100644 --- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes des md5 sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf index d35cb993a..6fab7121c 100644 --- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes des sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf index 665ef653b..c58fdbcd7 100644 --- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index d84cba2b0..955514391 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf index 924fd4757..b91dca901 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf index 924fd4757..669e29933 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf index 924fd4757..669e29933 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf index 2a5c62cc2..445b100cc 100644 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf index a7937edd2..75418b8a6 100644 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf index 044d73ac3..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf index 044d73ac3..93f434598 100644 --- a/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf index 044d73ac3..93f434598 100644 --- a/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf index 77edd576c..6145a963a 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac whitelist stroke kernel-netlink socket-default updown plugins { whitelist { enable = yes diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf index 2127105da..93f434598 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf index 0387fdfe9..9d07c88e4 100644 --- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown keep_alive = 5 } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf index 8e685c862..dbcd7d844 100644 --- a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf index 8e685c862..8d89cd0bb 100644 --- a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf index 8e685c862..8d89cd0bb 100644 --- a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf index 8e685c862..8d89cd0bb 100644 --- a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf index f585edfca..af5fa19ef 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf index f585edfca..93f434598 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf index 7014c369e..714f86868 100644 --- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf index 7014c369e..7a64dce30 100644 --- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default } |