41 files changed, 97 insertions, 93 deletions
diff --git a/testing/tests/ikev1/alg-blowfish/description.txt b/testing/tests/ikev1/alg-blowfish/description.txt
index cff0a1915..7d8f245ab 100644
--- a/testing/tests/ikev1/alg-blowfish/description.txt
+++ b/testing/tests/ikev1/alg-blowfish/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>BLOWFISH_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and
-<b>BLOWFISH_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat
index a2ae3ff6b..fd46cdb9d 100644
--- a/testing/tests/ikev1/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: BLOWFISH_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: BLOWFISH_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: BLOWFISH_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: BLOWFISH_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(blowfish)::YES
 moon::ip xfrm state::enc cbc(blowfish)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-serpent/description.txt b/testing/tests/ikev1/alg-serpent/description.txt
index f49c0a1c0..604fb45df 100644
--- a/testing/tests/ikev1/alg-serpent/description.txt
+++ b/testing/tests/ikev1/alg-serpent/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>SERPENT_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and
-<b>SERPENT_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
+<b>SERPENT_CBC_256 / HMAC_SHA2_256 </b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-serpent/evaltest.dat b/testing/tests/ikev1/alg-serpent/evaltest.dat
index ffca0e7a0..2be8f675f 100644
--- a/testing/tests/ikev1/alg-serpent/evaltest.dat
+++ b/testing/tests/ikev1/alg-serpent/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: SERPENT_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: SERPENT_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: SERPENT_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: SERPENT_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(serpent)::YES
 moon::ip xfrm state::enc cbc(serpent)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-sha2_256/description.txt b/testing/tests/ikev1/alg-sha2_256/description.txt
index 900fcf017..e0af2e2f7 100644
--- a/testing/tests/ikev1/alg-sha2_256/description.txt
+++ b/testing/tests/ikev1/alg-sha2_256/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the rather strong cipher suite
-<b>AES_CBC_128-SHA2_256-MODP1536</b> for the IKE protocol and
-<b>AES_128-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_1536</b> for the IKE protocol and
+<b>AES_CBC_128 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha2_256/evaltest.dat b/testing/tests/ikev1/alg-sha2_256/evaltest.dat
index 42d0099eb..b8a83e0fb 100644
--- a/testing/tests/ikev1/alg-sha2_256/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha2_256/evaltest.dat
@@ -1,10 +1,10 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA2_256-MODP1536::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA2_256-MODP1536::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
 carol::ip xfrm state::auth hmac(sha256)::YES
 moon::ip xfrm state::auth hmac(sha256)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/alg-twofish/description.txt b/testing/tests/ikev1/alg-twofish/description.txt
index 0015561ee..b65ea7b8d 100644
--- a/testing/tests/ikev1/alg-twofish/description.txt
+++ b/testing/tests/ikev1/alg-twofish/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>TWOFISH_CBC_256-SHA2_512-MODP4096</b> for the IKE protocol and
-<b>TWOFISH_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
+<b>TWOFISH_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-twofish/evaltest.dat b/testing/tests/ikev1/alg-twofish/evaltest.dat
index 69e9267c3..34c9d1c65 100644
--- a/testing/tests/ikev1/alg-twofish/evaltest.dat
+++ b/testing/tests/ikev1/alg-twofish/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE algorithm newest: TWOFISH_CBC_256-SHA2_512-MODP4096::YES
-moon::ipsec statusall::IKE algorithm newest: TWOFISH_CBC_256-SHA2_512-MODP4096::YES
-carol::ipsec statusall::ESP algorithm newest: TWOFISH_256-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: TWOFISH_256-HMAC_SHA2_256::YES
+carol::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+moon::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(twofish)::YES
 moon::ip xfrm state::enc cbc(twofish)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-ah-transport/description.txt b/testing/tests/ikev1/esp-ah-transport/description.txt index c7918fa38..f8ffce6e6 100644 --- a/testing/tests/ikev1/esp-ah-transport/description.txt +++ b/testing/tests/ikev1/esp-ah-transport/description.txt @@ -1,5 +1,5 @@ In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b> -the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication. +the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication. In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall marks all incoming AH packets with the ESP mark. The transport mode connection is tested by <b>carol</b> sending a ping to gateway <b>moon</b>. diff --git a/testing/tests/ikev1/esp-ah-transport/evaltest.dat b/testing/tests/ikev1/esp-ah-transport/evaltest.dat index 7c498ad83..526e0d96e 100644 --- a/testing/tests/ikev1/esp-ah-transport/evaltest.dat +++ b/testing/tests/ikev1/esp-ah-transport/evaltest.dat @@ -1,7 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::ESP algorithm newest: AES_128-;::YES -moon::ipsec statusall::ESP algorithm newest: AES_128-;::YES +carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES +moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_MOON::128 bytes from PH_IP_MOON: icmp_seq=1::YES carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES diff --git a/testing/tests/ikev1/esp-ah-tunnel/description.txt b/testing/tests/ikev1/esp-ah-tunnel/description.txt index 809f28c57..332f8177a 100644 --- a/testing/tests/ikev1/esp-ah-tunnel/description.txt +++ b/testing/tests/ikev1/esp-ah-tunnel/description.txt 
@@ -1,5 +1,5 @@ In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b> -the ESP AES 128 bit encryption algorithm combined with AH SHA-1 authentication. +the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication. In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall marks all incoming AH packets with the ESP mark. The tunnel mode connection is tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind diff --git a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat index 8f4a99641..5103a6318 100644 --- a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat +++ b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat @@ -1,7 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::ESP algorithm newest: AES_128-;::YES -moon::ipsec statusall::ESP algorithm newest: AES_128-;::YES +carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES +moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt b/testing/tests/ikev1/esp-alg-aesxcbc/description.txt index fef0ac2dd..0c39352d9 100644 --- a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt +++ b/testing/tests/ikev1/esp-alg-aesxcbc/description.txt 
@@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>AES_256/AES_XCBC_MAC</b> by defining <b>esp=aes256-aesxcbc-modp2048</b> +<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat index f464bda65..872962de4 100644 --- a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat @@ -1,8 +1,8 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::ESP algorithm newest: AES_256-AES_XCBC_MAC::YES -moon::ipsec statusall::ESP algorithm newest: AES_256-AES_XCBC_MAC::YES +carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES +moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES carol::ip xfrm state::auth xcbc(aes)::YES moon::ip xfrm state::auth xcbc(aes)::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/ikev1/esp-alg-camellia/description.txt b/testing/tests/ikev1/esp-alg-camellia/description.txt index ead39f580..b679d03ec 100644 --- a/testing/tests/ikev1/esp-alg-camellia/description.txt +++ b/testing/tests/ikev1/esp-alg-camellia/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite -<b>CAMELLIA_192/HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256-modp2048</b> +<b>CAMELLIA_CBC_192 / HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256</b> in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat index b2871dabd..1b0f3a12b 100644 
--- a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP algorithm newest: CAMELLIA_192-HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP algorithm newest: CAMELLIA_192-HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
+moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
 carol::ip xfrm state::enc cbc(camellia)::YES
 moon::ip xfrm state::enc cbc(camellia)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-des/evaltest.dat b/testing/tests/ikev1/esp-alg-des/evaltest.dat
index 8e06392f1..57d09a488 100644
--- a/testing/tests/ikev1/esp-alg-des/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-des/evaltest.dat
@@ -1,6 +1,8 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::ESP algorithm newest: DES_0-HMAC_MD5::YES
-carol::ipsec statusall::ESP algorithm newest: DES_0-HMAC_MD5::YES
+moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
+carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
+moon::ip xfrm state::enc cbc(des)::YES
+carol::ip xfrm state::enc cbc(des)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat
index de2f2a571..8c748a54c 100644
--- a/testing/tests/ikev1/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat
@@ -1,5 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::ESP algorithm newest::NULL_0-HMAC_SHA1::YES
-carol::ipsec statusall::ESP algorithm newest::NULL_0-HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
+carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
+moon::ip xfrm state::enc ecb(cipher_null)::YES
+carol::ip xfrm state::enc ecb(cipher_null)::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
index b939e4fda..3c9fdbb71 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=aes-128-sha
+ ike=aes-sha1
 esp=null-sha1!
 conn home
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
index 9ca761cb5..62f17df49 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=aes128-sha!
+ ike=aes-sha1!
 esp=null-sha1!
 conn rw
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/description.txt b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
index 03c655480..252080e80 100644
--- a/testing/tests/ikev1/esp-alg-strict-fail/description.txt
+++ b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
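Review bot: The two new `ipsec statusall` expectations in esp-alg-null/evaltest.dat put a `::` between `ESP proposal` and `NULL/HMAC_SHA1`, whereas every other evaltest line in this commit writes the pattern as `ESP proposal: X`. If the test driver splits a line into host, command, pattern and expected flag on `::` (inferred from the shape of the other lines, not visible here), the pattern degrades to just `ESP proposal` and the flag to `NULL/HMAC_SHA1`, so these two lines never verify that the NULL cipher was actually negotiated; only the added `ip xfrm state` lines would. The removed lines had the same shape, but since the commit rewrites them anyway this is the moment to align them: `moon::ipsec statusall::ESP proposal: NULL/HMAC_SHA1::YES` and `carol::ipsec statusall::ESP proposal: NULL/HMAC_SHA1::YES`.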
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
 as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
+<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
 leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
+<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
index 6f2024ff9..83d99bea1 100644
--- a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
@@ -1,9 +1,9 @@
 carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
-carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
+carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
 moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::YES
-moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
+moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
 carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*ISAKMP SA established::NO
-moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES
+moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
 moon::cat /var/log/auth.log::no acceptable Proposal in IPsec SA::YES
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
index f61cfc6bb..21997940b 100755
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=3des-sha
+ ike=3des-sha1
 esp=3des-sha1
 conn home
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
index 5bf53b8bc..14f58ccc3 100755
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=aes128-sha
+ ike=aes128-sha1
 esp=aes128-sha1!
 conn rw
diff --git a/testing/tests/ikev1/esp-alg-strict/description.txt b/testing/tests/ikev1/esp-alg-strict/description.txt
index b4fc08253..149a1e013 100644
--- a/testing/tests/ikev1/esp-alg-strict/description.txt
+++ b/testing/tests/ikev1/esp-alg-strict/description.txt
@@ -1,7 +1,7 @@
-Roadwarrior <b>carol</b> proposes <b>3DES</b> encryption (together with
-SHA-1 authentication) in the first place and <b>AES-128</b> encryption in
+Roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption (together with
+HMAC_SHA1 authentication) in the first place and <b>AES_CBC_128</b> encryption in
 second place for both the ISAKMP and IPsec SAs. Gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> but will accept any other supported algorithm proposed
+<b>ike=aes128-sha1</b> but will accept any other supported algorithm proposed
 by the peer during Phase 1. But for ESP encryption <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by applying the strict flag '!'.
+<b>esp=aes128-sha1!</b> by applying the strict flag '!'.
diff --git a/testing/tests/ikev1/esp-alg-strict/evaltest.dat b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
index d5dd12d4e..912a8d830 100644
--- a/testing/tests/ikev1/esp-alg-strict/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::IPSec Transform.*ESP_3DES (192), AUTH_ALGORITHM_HMAC_SHA1.*refused due to strict flag::YES
-moon::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
-moon::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
-carol::ipsec statusall::IKE algorithm newest: 3DES_CBC_192-SHA::YES
-carol::ipsec statusall::ESP algorithm newest: AES_128-HMAC_SHA1::YES
+moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
+moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
+carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
index 0ae6b0693..7e2de30cd 100755
--- a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=3des-sha,aes-128-sha
- esp=3des-sha1,aes-128-sha1
+ ike=3des-sha,aes128-sha1
+ esp=3des-sha1,aes128-sha1
 conn home
 left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
index 5bf53b8bc..14f58ccc3 100755
--- a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
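Review bot: The new `ike=3des-sha,aes128-sha1` in esp-alg-strict/hosts/carol/etc/ipsec.conf keeps the old `sha` spelling for the first proposal, while the same edit in the esp-alg-strict-fail and ike-alg-strict carol configs in this commit renames it to `3des-sha1`, and the test's own description.txt now speaks of HMAC_SHA1. For consistency with the rest of the commit the line should read `ike=3des-sha,aes128-sha1` → `ike=3des-sha1,aes128-sha1`. Whether `sha` is still accepted as an alias for `sha1` by the proposal parser cannot be seen from this hunk; if it is not, carol's first IKE proposal would silently drop out and the evaltest's `IKE proposal: 3DES_CBC/HMAC_SHA1` expectation above would no longer hold. The `conn %default` section continues outside the hunk.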
@@ -11,7 +11,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha + ike=aes128-sha1 esp=aes128-sha1! conn rw diff --git a/testing/tests/ikev1/esp-alg-weak/description.txt b/testing/tests/ikev1/esp-alg-weak/description.txt index ffb6882f5..e49b6c620 100644 --- a/testing/tests/ikev1/esp-alg-weak/description.txt +++ b/testing/tests/ikev1/esp-alg-weak/description.txt @@ -1,4 +1,4 @@ -The roadwarrior <b>carol</b> proposes <b>1DES</b> encryption with MD5 authentication +The roadwarrior <b>carol</b> proposes <b>DES_CBC</b> encryption with HMAC_MD5 authentication as the only cipher suite for the IPsec SA. Because gateway <b>moon</b> does not use an explicit <b>esp</b> statement any strong encryption algorithm will be accepted but any weak key length will be rejected by default and thus the ISAKMP SA diff --git a/testing/tests/ikev1/ike-alg-sha2_384/description.txt b/testing/tests/ikev1/ike-alg-sha2_384/description.txt index a347a3fed..a0bda209c 100644 --- a/testing/tests/ikev1/ike-alg-sha2_384/description.txt +++ b/testing/tests/ikev1/ike-alg-sha2_384/description.txt @@ -1,4 +1,4 @@ Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite -<b>AES_CBC_192-SHA2_384-MODP4096</b> for the IKE protocol and -<b>AES_192-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to +<b>AES_CBC_192 / HMAC_SHA2_384 / MODP4096</b> for the IKE protocol and +<b>AES_CBC_192 /HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel. diff --git a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat index 31959f53a..a4cc39150 100644 --- a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat +++ b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat 
@@ -1,8 +1,8 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_192-SHA2_384-MODP4096::YES
-moon::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
-carol::ipsec statusall::ESP algorithm newest: AES_192-HMAC_SHA2_256::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/ike-alg-sha2_512/description.txt b/testing/tests/ikev1/ike-alg-sha2_512/description.txt
index 1bec4b8c6..240b8f2b0 100644
--- a/testing/tests/ikev1/ike-alg-sha2_512/description.txt
+++ b/testing/tests/ikev1/ike-alg-sha2_512/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the paranoid cipher suite
-<b>AES_CBC_256-SHA2_512-MODP8192</b> for the IKE protocol and
-<b>AES_256-HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>AES_CBC_256 / HMAC_SHA2_512 / MODP_8192</b> for the IKE protocol and
+<b>AES_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
 <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
index dbd35429c..10929457f 100644
--- a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat
@@ -1,8 +1,8 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_256-SHA2_512-MODP8192::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_256-SHA2_512-MODP8192::YES
-moon::ipsec statusall::ESP algorithm newest: AES_256-HMAC_SHA2_256::YES
-carol::ipsec statusall::ESP algorithm newest: AES_256-HMAC_SHA2_256::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES
+moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES
+carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/description.txt b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
index 03c655480..252080e80 100644
--- a/testing/tests/ikev1/ike-alg-strict-fail/description.txt
+++ b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with SHA-1 authentication
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
 as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes-128-sha</b> only, but will accept any other support algorithm proposed by the peer,
+<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
 leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes-128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
+<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
index 931b8855a..0c6bc7f7e 100644
--- a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
@@ -1,5 +1,5 @@
 carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
 moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
 carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
-moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES
+moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
 moon::cat /var/log/auth.log::no acceptable Oakley Transform::YES
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
index cbe5469f0..63ad1c01d 100755
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=3des-sha
+ ike=3des-sha1
 esp=3des-sha1
 conn home
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
index 42e5f8404..1ea5fe7a5 100755
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=aes128-sha!
+ ike=aes128-sha1!
 esp=aes128-sha1
 conn rw
diff --git a/testing/tests/ikev1/ike-alg-strict/description.txt b/testing/tests/ikev1/ike-alg-strict/description.txt
index 35d266e20..af93b95c3 100644
--- a/testing/tests/ikev1/ike-alg-strict/description.txt
+++ b/testing/tests/ikev1/ike-alg-strict/description.txt
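Review bot: The ike-alg-strict-fail/evaltest.dat expectations (ISAKMP SA not established on both hosts, `no acceptable Oakley Transform`) describe a Phase 1 failure, but the description.txt this commit writes for the same test is byte-identical to esp-alg-strict-fail's (both sections show `index 03c655480..252080e80`) and states that Phase 1 succeeds and only Phase 2 is refused. The test documentation therefore contradicts what the evaltest checks; the description should say that `moon` enforces `ike=aes128-sha1!` with the strict flag so that carol's `3DES_CBC/HMAC_SHA1` Oakley proposal is refused and no ISAKMP SA is established. A note in the evaltest itself is not needed, since the log-line pattern on the new side already names the refused transform.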
@@ -1,5 +1,5 @@
-The roadwarrior <b>carol</b> proposes <b>3DES</b> encryption with <b>SHA-1</b> authentication in the first place
-and <b>AES-128</b> encryption with <b>SHA-1</b> authentication in the second place for both the ISAKMP and IPsec SA.
-The gateway <b>moon</b> enforces <b>ike=aes-128-sha!</b> for Phase 1 by using the strict flag '!',
+The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with <b>HMAC_SHA1</b> authentication in the first place
+and <b>AES_CBC_128</b> encryption with <b>HMAC_SHA1</b> authentication in the second place for both the ISAKMP and IPsec SA.
+The gateway <b>moon</b> enforces <b>ike=aes128-sha!</b> for Phase 1 by using the strict flag '!',
 but will accept any other supported algorithm proposed by the peer for Phase 2 , even though <b>moon</b>
-defines itself <b>esp=aes-128-sha1</b> only.
+defines itself <b>esp=aes128-sha1</b> only.
diff --git a/testing/tests/ikev1/ike-alg-strict/evaltest.dat b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
index 46140be8a..8acd0d039 100644
--- a/testing/tests/ikev1/ike-alg-strict/evaltest.dat
+++ b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
@@ -1,7 +1,7 @@
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::Oakley Transform.*OAKLEY_3DES_CBC (192), OAKLEY_SHA.*refused due to strict flag::YES
-moon::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES
-moon::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES
-carol::ipsec statusall::IKE algorithm newest: AES_CBC_128-SHA::YES
-carol::ipsec statusall::ESP algorithm newest: 3DES_0-HMAC_SHA1::YES
+moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1::YES
+moon::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA::YES
+carol::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
index b8e2257c4..9272bdc7f 100755
--- a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
@@ -11,8 +11,8 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=3des-sha,aes-128-sha
- esp=3des-sha1,aes-128-sha1
+ ike=3des-sha1,aes128-sha1
+ esp=3des-sha1,aes128-sha1
 conn home
 left=PH_IP_CAROL
 leftcert=carolCert.pem
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
index 42e5f8404..1ea5fe7a5 100755
--- a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- ike=aes128-sha!
+ ike=aes128-sha1!
 esp=aes128-sha1
 conn rw
|
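Review bot: carol's new IKE expectation in ike-alg-strict/evaltest.dat reads `IKE proposal: AES_CBC_128/HMAC_SHA` while moon's line two rows above and every other evaltest in this commit spell the integrity algorithm `HMAC_SHA1`. Since the pattern is presumably matched as a prefix or regular expression, the line still passes against `HMAC_SHA1` but would equally pass against any other `HMAC_SHA*` variant, so it no longer pins the negotiated algorithm; change it to `carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1::YES`. The same test's description.txt, rewritten in this commit, still says `ike=aes128-sha!` although moon's ipsec.conf in the last hunk of this line switches to `ike=aes128-sha1!`, so the documentation and the configuration it describes also disagree.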