testing: make curve25519 the default DH group

author Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 8 Nov 2016 12:50:14 +0000 (13:50 +0100)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 14 Nov 2016 15:20:51 +0000 (16:20 +0100)
author Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 8 Nov 2016 12:50:14 +0000 (13:50 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 14 Nov 2016 15:20:51 +0000 (16:20 +0100)
diff --git a/src/starter/confread.c b/src/starter/confread.c

index 3fb750e512bec774d2820583817ebcfa880c6592..f98fc89368673133b969955415d2f0875cf9206c 100644 (file)
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -40,7 +40,7 @@
  #define SA_REPLACEMENT_RETRIES_DEFAULT   3
  #define SA_REPLAY_WINDOW_DEFAULT        -1 /* use charon.replay_window */
  
-static const char ike_defaults[] = "aes128-sha256-modp3072";
+static const char ike_defaults[] = "aes128-sha256-curve25519";
  static const char esp_defaults[] = "aes128-sha256";
  
  static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf

index d6d4539488b50dec7edcf5e1f28541cd9a9afc0e..5072d77d8cdbe106b7a2d12d694fe3ff63160e46 100644 (file)
--- a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha 
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha
+
    plugins {
      ha {
        local = PH_IP_ALICE
diff --git a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf

index e58af9efdec3f9a75255ab08e7eb3af0c262ce12..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf

index ecbad665cce309ffc50b09d84eb229e67b4b41fe..16a0a8ca0c7c3a92f9284595ed22b45f0c8ceeed 100644 (file)
--- a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf

index 198f3a01dbc9d6f96b8d63a4c0d0d9cf497e7051..68d4414bae92474f4953bcba01111225c235cd75 100644 (file)
--- a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha
+
    plugins {
      ha {
        local = PH_IP_MOON1
diff --git a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf

index e8be72ae0be1898f2a629be0758a71f5ec64638e..0d10394c040e574b1f2d08d096098cf778bf844f 100644 (file)
--- a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha 
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha
+
    plugins {
      ha {
        local = PH_IP_ALICE
diff --git a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf

index e58af9efdec3f9a75255ab08e7eb3af0c262ce12..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf

index ecbad665cce309ffc50b09d84eb229e67b4b41fe..16a0a8ca0c7c3a92f9284595ed22b45f0c8ceeed 100644 (file)
--- a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf

index 206fb21b6c6a26916cc203d365240767b6dde7c3..17d54222dd6de4da93a79fb9284a32c975334ff8 100644 (file)
--- a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default ha
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha
+
    plugins {
      ha {
        local = PH_IP_MOON1
diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf

index 0776fb1891b02b8864dc62fe9876ad7787cedf7a..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf

index 0776fb1891b02b8864dc62fe9876ad7787cedf7a..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf

index 0776fb1891b02b8864dc62fe9876ad7787cedf7a..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf

index 9b248e833f8e7689d3f2b28684e2733248a0dac1..ae0529ecc63625288eb79fd2a33c7216bb25e7b7 100644 (file)
--- a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf

index 9b248e833f8e7689d3f2b28684e2733248a0dac1..ab779fc2322f427d6e86f5e25cde1aad9dc7f8b2 100644 (file)
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf

index 9b248e833f8e7689d3f2b28684e2733248a0dac1..ab779fc2322f427d6e86f5e25cde1aad9dc7f8b2 100644 (file)
--- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 curl revocation stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..2c4f3fc214150d4bf636f4031e89b56fd0c7e73f 100644 (file)
--- a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..66ff24601f0a3318c3d62c82fd58319b5e5f9b35 100644 (file)
--- a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf

index 1f0fd41a8aadf729a15265d190b46926dc4e1ece..d69a7b8082015cedb3c90645cbf68435ac0b120d 100644 (file)
--- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf

index 1f0fd41a8aadf729a15265d190b46926dc4e1ece..a3c9999f771b0d64dfbfc69530f74deb859b2018 100644 (file)
--- a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf

index 1f0fd41a8aadf729a15265d190b46926dc4e1ece..a3c9999f771b0d64dfbfc69530f74deb859b2018 100644 (file)
--- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..3f132738762fedae033e1076a1c31668383717cf 100644 (file)
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-sha256/description.txt b/testing/tests/ikev1/alg-sha256/description.txt

index 826a8f10ba13b8bf3bc71b0c345ef7144db7adef..f7e53913c120c3c2bb06eeb9e8a571135b20fabe 100644 (file)
--- a/testing/tests/ikev1/alg-sha256/description.txt
+++ b/testing/tests/ikev1/alg-sha256/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b>
+<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-curve25519!</b>
  in ipsec.conf. The same cipher suite is used for IKE.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat

index 8cbac4ff390a7924c05b1ca991cd46ef8b37a604..d9ff9475e87cb5a8ac1bc7c9e2dbc8b35fa4ece7 100644 (file)
--- a/testing/tests/ikev1/alg-sha256/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha256/evaltest.dat
@@ -2,11 +2,11 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
  carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES
-carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/MODP_3072,::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128/CURVE_25519,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/CURVE_25519,::YES
  moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
  carol::ip xfrm state::auth-trunc hmac(sha256)::YES
  moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf

index 1c227978e3e9dfa2c42307bc77a910752c71bea8..25fce18819d5cb36c4a254d4ab09baa38066c2d3 100644 (file)
--- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha256-modp3072!
-       esp=aes128-sha256-modp3072!
+       ike=aes128-sha256-curve25519!
+       esp=aes128-sha256-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf

index 177aebf5298223ef9275b6185584ec955c6d92f4..b3e5df10b61911a8e34e1fca3f34d89d165f0c32 100644 (file)
--- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha256-modp3072!
-       esp=aes128-sha256-modp3072!
+       ike=aes128-sha256-curve25519!
+       esp=aes128-sha256-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-sha384/description.txt b/testing/tests/ikev1/alg-sha384/description.txt

index 2255fe8fbb6ecd275a3f2616e890f1899d7243f4..f96ea5c4f2b2f8c4b56a58ca35c1d3247dcc25e2 100644 (file)
--- a/testing/tests/ikev1/alg-sha384/description.txt
+++ b/testing/tests/ikev1/alg-sha384/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b>
+<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-curve25519!</b>
  in ipsec.conf. The same cipher suite is used for IKE.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat

index 166aa8120071e98145b385f6778e041308eac118..3a533566f9d7a3888527a8fed34d0e8947d397a7 100644 (file)
--- a/testing/tests/ikev1/alg-sha384/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha384/evaltest.dat
@@ -2,11 +2,11 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
  carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES
-carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/MODP_3072,::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192/CURVE_25519,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/CURVE_25519,::YES
  moon:: ip xfrm state::auth-trunc hmac(sha384)::YES
  carol::ip xfrm state::auth-trunc hmac(sha384)::YES
  moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf

index 6f1519f2c2383fb592f0a650d047f1b7e107f474..9e7f48868a09bfd775492a9b2ff92fff2291fa05 100644 (file)
--- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes192-sha384-modp3072!
-       esp=aes192-sha384-modp3072!
+       ike=aes192-sha384-curve25519!
+       esp=aes192-sha384-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf

index 919ee9b09d3456406b7acbd20cb97c8b34117fe1..d4c4a6f6d7186846f191520a1a67009668e5eba0 100644 (file)
--- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes192-sha384-modp3072!
-       esp=aes192-sha384-modp3072!
+       ike=aes192-sha384-curve25519!
+       esp=aes192-sha384-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..3f132738762fedae033e1076a1c31668383717cf 100644 (file)
--- a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf

index 5d1c35cc2c7526b015a004bfd8299bd144931978..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf

index 5d1c35cc2c7526b015a004bfd8299bd144931978..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf

index de6bda2d139f926b50481cf21687f32fe680430c..b8817fe13472bcad8c7b36bbc0e1c4602a2a21e4 100644 (file)
--- a/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
  
    dns1 = PH_IP_WINNETOU
    dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf

index 5d1c35cc2c7526b015a004bfd8299bd144931978..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf

index 5d1c35cc2c7526b015a004bfd8299bd144931978..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf

index de6bda2d139f926b50481cf21687f32fe680430c..b8817fe13472bcad8c7b36bbc0e1c4602a2a21e4 100644 (file)
--- a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
  
    dns1 = PH_IP_WINNETOU
    dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt

index 9fe03b010bf7d723c38f1523cd9b9be352f41b01..40cc821283098dac2eddf5c055237d9b7fb6edd8 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-modp2048</b> or alternatively
-<b>esp=aes128ccm96-modp2048</b> in ipsec.conf.
+<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-curve25519</b> or alternatively
+<b>esp=aes128ccm96-curve25519</b> in ipsec.conf.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf

index 1cef8f8c586f6e8f567513ad2309d52f25420fb2..35b96c1a42e18e881adf10df6818c4ef43f666d5 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha256-modp2048!
-       esp=aes128ccm96-modp2048!
+       ike=aes128-sha256-curve25519!
+       esp=aes128ccm96-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf

index f295f159aa22bf05729b41a09c7bd25dac142c02..9692b64f76086681211c57f3859c44d18dfca6d0 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac ccm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf

index 72163aeec3f3f92319cbc78077144778c6226637..40251f7d93b127df905b5f9bff6633debb803c53 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha256-modp2048!
-       esp=aes128ccm12-modp2048!
+       ike=aes128-sha256-curve25519!
+       esp=aes128ccm12-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf

index f295f159aa22bf05729b41a09c7bd25dac142c02..cbfd676a49256af9ff24f4dbd990e005f7c671ca 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac ccm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt

index fbcc48022e2d7d876f0e7c691109f25241730eb7..5858267b3af37b14d36f3aab9081a33ce3d33f15 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt
@@ -1,3 +1,3 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CTR_256 / AES_XCBC_96</b> by defining <b>esp=aes256ctr-aesxcbc-modp2048</b> in ipsec.conf.
+<b>AES_CTR_256 / AES_XCBC_96</b> by defining <b>esp=aes256ctr-aesxcbc-curve25519</b> in ipsec.conf.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf

index 08ff7dab2914769e74961561e8ab137826abbd64..ac835d07d7f389c19e0b1b20a39b9a337d65d9bd 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha512-modp2048!
-       esp=aes256ctr-aesxcbc-modp2048!
+       ike=aes256-sha512-curve25519!
+       esp=aes256ctr-aesxcbc-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf

index cae7e00ca5de91ac9f6b9797fb46c3a632692d15..913afb404edc5f27bbb59dd266ff61dba7c94b21 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac ctr stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf

index f712ed86d09e9d287d17c3c0a840e7d539ce48bf..5c7bbf863732d417786cd480bfa2ac498cb50a34 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha512-modp2048!
-       esp=aes256ctr-aesxcbc-modp2048!
+       ike=aes256-sha512-curve25519!
+       esp=aes256ctr-aesxcbc-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf

index cae7e00ca5de91ac9f6b9797fb46c3a632692d15..8cbe58f19a38612ab76aba57c4b08ccad2e5357c 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac ctr stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt

index bd9521e0df692d4f12afd4f815dc237eaafafd58..f112af6efd4e6762bd25b1dc8a6e04654082a648 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-modp2048</b> or alternatively
-<b>esp=aes256gcm128-modp2048</b> in ipsec.conf.
+<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-curve25519</b> or alternatively
+<b>esp=aes256gcm128-curve25519</b> in ipsec.conf.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf

index 125ce919e4e3c1630a9bf25bf78cd84002a59c35..6dddc28cf94db536d892449bb580c1b7ab3c05bb 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha512-modp2048!
-       esp=aes256gcm128-modp2048!
+       ike=aes256-sha512-curve25519!
+       esp=aes256gcm128-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf

index e396bb1996d5854b85a8e741a2d66535bd1b5d66..1d1cd4e938043142dda94fe10c486287f37cc3bf 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf

index b5821cd07cba47fd48534b2be3bf111e8cc17d37..d98aaeafea97f8e080b72b2346d897c1fd4482da 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha512-modp2048!
-       esp=aes256gcm16-modp2048!
+       ike=aes256-sha512-curve25519!
+       esp=aes256gcm16-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf

index e396bb1996d5854b85a8e741a2d66535bd1b5d66..369c2946fb2362bfc56e6791daf8eeb4d7f911fd 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt

index 823ec253dfce82795a049634f4c340be0a7053bf..0d5eb10152538e07c746e93f0b7fffacb8feb744 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
-ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b>
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-curve25519!</b>
  in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
  the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf

index 5ad63657b241f2364e58013c6b168d1cb17c23fc..c6d77ca6838fcfaaaf9b9256b405ed6b728dfc7f 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha256-modp2048!
-       esp=aes256gmac-modp2048!
+       ike=aes256-sha256-curve25519!
+       esp=aes256gmac-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf

index fba69aba374379ac301901fa27e0b2788f130db6..f42aad256a816d0c6771244e95c72983262d5ccb 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha256-modp2048!
-       esp=aes256gmac-modp2048!
+       ike=aes256-sha256-curve25519!
+       esp=aes256gmac-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf

index 94eb96f386ca39a8702f5b081e65509be9b8bfd7..a653bcd77cef003ea4f338c6de7e824bbb959ae5 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -8,7 +8,7 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha256-modp2048!
+       ike=aes256-sha256-curve25519!
         esp=aes256-aesxcbc!
  
  conn home
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..c5200b0712212c97e80c5157816996f25e1236ba 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf

index dbc468571a6c148c0f2358f14975f243db3c93e1..3e37c3cf0754ea6dcfeb57c95b68d18cbc59fe5a 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -8,7 +8,7 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes256-sha256-modp2048!
+       ike=aes256-sha256-curve25519!
         esp=aes256-aesxcbc!
  
  conn rw
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..e0561f3ffd9a738c08935aee70b9a43244ed5b56 100644 (file)
--- a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat

index d9888a15d718f8584870122a6ce61d4dea8db7c8..b80e9f781c6e53f66e13840b25b7df0fa37b8fa1 100644 (file)
--- a/testing/tests/ikev1/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat
@@ -3,9 +3,9 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
-carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES
  moon:: ip xfrm state::enc ecb(cipher_null)::YES
  carol::ip xfrm state::enc ecb(cipher_null)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 176::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 176::YES
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf

index cd93d795fecbf1b5955dbba8aee2285d24a7d849..d43629158ee2f4c8e3a0ff25165f3aae95311724 100644 (file)
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha1-modp2048!
-       esp=null-sha1!
+       ike=aes128-sha256-curve25519!
+       esp=null-sha256!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf

index 2e9b8de6557102e83d22079ac26ad64063f1b78a..c17c5815e01635117e0bd20071c330ad512260ef 100644 (file)
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha1-modp2048!
-       esp=null-sha1!
+       ike=aes128-sha256-curve25519!
+       esp=null-sha256!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf

index 7d97dd22928457b2df745080678b3a9ba8347b5a..c22405914f76e2493070abe496956926081f1a09 100644 (file)
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown
  
    plugins {
      attr-sql {
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf

index 0387fdfe97d1f4c39f15993a112a91ae15faf16a..9d07c88e40d04298e0018e9385b871f491ebda24 100644 (file)
--- a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf

index 2127105da5b43a7732fdb7abc3a3c5962bf9bd19..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf

index 0387fdfe97d1f4c39f15993a112a91ae15faf16a..9d07c88e40d04298e0018e9385b871f491ebda24 100644 (file)
--- a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-ah/description.txt b/testing/tests/ikev1/net2net-ah/description.txt

index 7ced7a55132c60552c73fd51aa44361123bbccab..fbe4a777d2335d7c83972a1bb9db49d9f779dcbf 100644 (file)
--- a/testing/tests/ikev1/net2net-ah/description.txt
+++ b/testing/tests/ikev1/net2net-ah/description.txt
@@ -1,8 +1,8 @@
  A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b>
  is set up using the IKEv1 protocol.
-With <b>ah=md5,sha1</b> gateway <b>moon</b> proposes the use of an
-<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection
-with its <b>ah=sha1!</b> configuration.
+With <b>ah=sha1,sha256!</b> gateway <b>moon</b> proposes the use of <b>AH</b>.
+Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its
+<b>ah=sha256!</b> configuration.
  <p/>
  Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind
  gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/net2net-ah/evaltest.dat b/testing/tests/ikev1/net2net-ah/evaltest.dat

index d13369f052b8286bd8a4842c633e1f478b31ccda..34a1cde9a2c0f7ed3e1642881b63cac16f390052 100644 (file)
--- a/testing/tests/ikev1/net2net-ah/evaltest.dat
+++ b/testing/tests/ikev1/net2net-ah/evaltest.dat
@@ -1,5 +1,5 @@
-sun::  cat /var/log/daemon.log::received proposals: AH:HMAC_MD5_96/NO_EXT_SEQ, AH:HMAC_SHA1_96/NO_EXT_SEQ::YES
-sun::  cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/NO_EXT_SEQ, AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES
  moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
  sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
@@ -7,5 +7,5 @@ sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
-moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
-sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
+moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES
+sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf

index d062dfe577a3d177e5f6be74db5c97af47d75d0a..d6e251dba5b4c422344783ba627db42afa6d2b0f 100644 (file)
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -5,8 +5,8 @@ config setup
  
  conn %default
         keyexchange=ikev1
-       ike=aes128-sha1-modp1536!
-       ah=md5,sha1
+       ike=aes128-sha256-modp3072!
+       ah=sha1,sha256!
  
  conn net-net
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf

index c374adfc46e55a7da172a4a07d6e6b7f4541e11e..7c0490d598ace316a17564257deda2a09bfd1b32 100644 (file)
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -5,8 +5,8 @@ config setup
  
  conn %default
         keyexchange=ikev1
-       ike=aes128-sha1-modp1536!
-       ah=sha1!
+       ike=aes128-sha256-modp3072!
+       ah=sha256!
  
  conn net-net
         left=PH_IP_SUN
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/net2net-esn/description.txt b/testing/tests/ikev1/net2net-esn/description.txt

index 13bb62b1de6898a1d6b733f673d1623d7208c382..6318c55c663bc80592ac9c9840307231d0c21184 100644 (file)
--- a/testing/tests/ikev1/net2net-esn/description.txt
+++ b/testing/tests/ikev1/net2net-esn/description.txt
@@ -1,6 +1,6 @@
  A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-With <b>esp=aes128-sha1-esn!</b> gateway <b>moon</b> proposes the use of
-<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha1-esn-noesn!</b>,
+With <b>esp=aes128-sha256-esn!</b> gateway <b>moon</b> proposes the use of
+<b>Extended Sequence Numbers</b>. Gateway <b>sun</b> defines <b>esp=aes128-sha256-esn-noesn!</b>,
  accepting proposals with and without ESN.
  <p/>
  Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind
diff --git a/testing/tests/ikev1/net2net-esn/evaltest.dat b/testing/tests/ikev1/net2net-esn/evaltest.dat

index d8d7cb446c1151b555838e2d14ff423f77f14cee..8fa6893fdc3c7e04a145b5dd6113c64fdd90bb2d 100644 (file)
--- a/testing/tests/ikev1/net2net-esn/evaltest.dat
+++ b/testing/tests/ikev1/net2net-esn/evaltest.dat
@@ -1,6 +1,6 @@
-sun::  cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
-sun::  cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES
-sun::  cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES
  sun::  cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
  moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
  moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
@@ -12,6 +12,6 @@ moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
  alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
-sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES
+sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES
  
diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf

index 8929072008c050c8bc94a45cf94a16d7714d796f..4fcff4a89a1b56022159bda8dea6ef12f9990559 100644 (file)
--- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -9,8 +9,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha1-modp1536!
-       esp=aes128-sha1-esn!
+       ike=aes128-sha256-modp3072!
+       esp=aes128-sha256-esn!
  
  conn net-net
         left=PH_IP_MOON
diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf

index 666e32def0ffd7c5b4bceee7f9a1af9eb1d04bfb..2e81bfd04820b75c1b0c050697bc60306dc8e2b1 100644 (file)
--- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -9,8 +9,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
-       ike=aes128-sha1-modp1536!
-       esp=aes128-sha1-esn-noesn!
+       ike=aes128-sha256-modp3072!
+       esp=aes128-sha256-esn-noesn!
  
  conn net-net
         left=PH_IP_SUN
diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf

index e66301482956ba3f323ccbabdb3795c08a6d451a..14cd6e43c699fb117bcf47d0857de83fb03cb1eb 100644 (file)
--- a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    fragment_size = 1024
-  dh_exponent_ansi_x9_42 = no
  }
diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf

index e66301482956ba3f323ccbabdb3795c08a6d451a..14cd6e43c699fb117bcf47d0857de83fb03cb1eb 100644 (file)
--- a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf
@@ -1,8 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    fragment_size = 1024
-  dh_exponent_ansi_x9_42 = no
  }
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf

index 3925d92a4cf1970fa29c5c91005ead6980428c54..38df6a91972abbfd0c9afec279144437241344c9 100644 (file)
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
    send_vendor_id = yes
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf

index fafe267a6a8c600f9fe80cf5081bd061871aa485..7a578d242528c2cc15af435b5535f86d9092f2a3 100644 (file)
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
    send_vendor_id = yes
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf

index 5db4358d62c24ea0b799d2d3828edef0d66e5106..1188d686d957fe30df4c70962fafe05c4bbdb1e6 100644 (file)
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf

index 5db4358d62c24ea0b799d2d3828edef0d66e5106..1188d686d957fe30df4c70962fafe05c4bbdb1e6 100644 (file)
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf

index 2486425309844981a0f6690b2b0288f21b2987e7..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf

index 2486425309844981a0f6690b2b0288f21b2987e7..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf

index 33c50d17170e49131524c2347d4a5cd7df7dd5a5..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf

index 33c50d17170e49131524c2347d4a5cd7df7dd5a5..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf

index 33c50d17170e49131524c2347d4a5cd7df7dd5a5..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf

index c43d34ae9a0ef31939a2ae5bcb2a10416847288b..5df879c6b0015b7e134ea950d4bed5abe06f0403 100644 (file)
--- a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
@@ -1,8 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default unity
-
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default unity
    cisco_unity = yes
-  dh_exponent_ansi_x9_42 = no
  }
diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf

index cb696bd3a5ab9fc1ec79f73e6a34225fc8f34028..b925166b93d82cb9331593664b4a006afb0057be 100644 (file)
--- a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity
-
+  load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default attr unity
    cisco_unity = yes
-  dh_exponent_ansi_x9_42 = no
  
    plugins {
      attr {
diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf

index 86827b23b65ee48933406f257a0f8769e79e434e..7e579273b06991f4dae6411a4e79c1a43f1dec44 100644 (file)
--- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
  
-  dh_exponent_ansi_x9_42 = no
    integrity_test = yes
  
    crypto_test {
diff --git a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf

index 86827b23b65ee48933406f257a0f8769e79e434e..7e579273b06991f4dae6411a4e79c1a43f1dec44 100644 (file)
--- a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,9 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
  
-  dh_exponent_ansi_x9_42 = no
    integrity_test = yes
  
    crypto_test {
diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf

index 86827b23b65ee48933406f257a0f8769e79e434e..7e579273b06991f4dae6411a4e79c1a43f1dec44 100644 (file)
--- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
  
-  dh_exponent_ansi_x9_42 = no
    integrity_test = yes
  
    crypto_test {
diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf

index 73b0885d0076b64417a329dd6566f64d614b4c0f..ff775e5f9ad3f76b86b53633081d11ca96c2ee20 100644 (file)
--- a/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    initiator_only = yes
  }
diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf

index 094e0effa49787b341ff807dab8b35052c18de35..c58fdbcd755d968876b7fc5afac22ab15d55fbc9 100644 (file)
--- a/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf

index 094e0effa49787b341ff807dab8b35052c18de35..c58fdbcd755d968876b7fc5afac22ab15d55fbc9 100644 (file)
--- a/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf

index 708a71c7e8be95b4862bf5d7df21e3b758625e41..bcafd86ba4d8bf33cf86812c2a0278ab1db85a82 100644 (file)
--- a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  
    i_dont_care_about_security_and_use_aggressive_mode_psk = yes
  }
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf

index c08fab86e50a2056104a8754db6bc9e033f6ac07..d6dcd99d02773a18b86852ca93338ccc8a61a979 100644 (file)
--- a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
  }
diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf

index 66054d0f923d74baab6b67776ff5802ec39f23fd..d6dcd99d02773a18b86852ca93338ccc8a61a979 100644 (file)
--- a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
-  
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
  }
diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf

index 02e7618d3100632b675f64707a315cb8ac0f8f56..4f0b4be87974339d599960b0785f6594a7770de4 100644 (file)
--- a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic attr kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic attr kernel-netlink socket-default stroke updown
  
    dns1 = 192.168.0.150
    dns2 = 10.1.0.20
-  dh_exponent_ansi_x9_42 = no
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..b635720d1a23af609e798ef3f98a28fab03e4f9b 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..b635720d1a23af609e798ef3f98a28fab03e4f9b 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..b635720d1a23af609e798ef3f98a28fab03e4f9b 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf

index f65197befc9fbd9b466404e0216d8140681833f3..73a4271bd557eb21136bebf2198c44370cda9cb8 100644 (file)
--- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf

index f65197befc9fbd9b466404e0216d8140681833f3..73a4271bd557eb21136bebf2198c44370cda9cb8 100644 (file)
--- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf

index f65197befc9fbd9b466404e0216d8140681833f3..73a4271bd557eb21136bebf2198c44370cda9cb8 100644 (file)
--- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..b635720d1a23af609e798ef3f98a28fab03e4f9b 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf

index 09b9264aeb5fb8b1ce80be995ff5eaf5f259ab66..41fa522c88ed56946816014ca8dfcc1805ea88b1 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-md5 xauth-eap updown
  
    plugins {
      eap-radius {
diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..b635720d1a23af609e798ef3f98a28fab03e4f9b 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf

index a6e1ba46b6ebdc3d47fcd4ca0cfabf31e07ee545..2f8caca1013edf6c1b7aafd0688ba5b2014becd2 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
  
    plugins {
      eap-radius {
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..b635720d1a23af609e798ef3f98a28fab03e4f9b 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf

index ca3372f7d4af5be8632950c4585b442742aa4bf7..e3bada0fc982d739fbd7b51dd6fdae999381ec16 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
  }
diff --git a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf

index bae8628f38057ecbf89e2aca323ed9f104d57e0b..6276b14eeb7cccc18ebb3b017205b39510471fb9 100644 (file)
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf

index bae8628f38057ecbf89e2aca323ed9f104d57e0b..6276b14eeb7cccc18ebb3b017205b39510471fb9 100644 (file)
--- a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf

index bae8628f38057ecbf89e2aca323ed9f104d57e0b..6276b14eeb7cccc18ebb3b017205b39510471fb9 100644 (file)
--- a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation acert hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..2c4f3fc214150d4bf636f4031e89b56fd0c7e73f 100644 (file)
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..66ff24601f0a3318c3d62c82fd58319b5e5f9b35 100644 (file)
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-ccm/description.txt b/testing/tests/ikev2/alg-aes-ccm/description.txt

index 28e38ca7fbcbaf2b72b8e2b3b10ebe532adadd0f..569504aa06a85a94c2f95fe5baa468af2e50f96c 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ccm/description.txt
+++ b/testing/tests/ikev2/alg-aes-ccm/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
-<b>AES_CCM_12_128</b> both for IKE and ESP by defining <b>ike=aes128ccm12-aesxcbc-modp2048</b>
-(or alternatively <b>aes128ccm96</b>) and <b>esp=aes128ccm12-modp2048</b> in ipsec.conf, respectively.
+<b>AES_CCM_12_128</b> both for IKE and ESP by defining <b>ike=aes128ccm12-aesxcbc-curve25519</b>
+(or alternatively <b>aes128ccm96</b>) and <b>esp=aes128ccm12-curve25519</b> in ipsec.conf, respectively.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf

index 03707f89f5b7843799b1f1fb4d00dab31849db72..28d19357f320b506d36a695ab26210d05b4caba8 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128ccm96-aesxcbc-modp2048!
-       esp=aes128ccm96-modp2048!
+       ike=aes128ccm96-aesxcbc-curve25519!
+       esp=aes128ccm96-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf

index f295f159aa22bf05729b41a09c7bd25dac142c02..eb329f28afcad43f0b5b937127a74633955e8d9d 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ccm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf

index d7ed92f7ec2e8710d5dfda47a8904770f80137d9..c674ecc2fd9adc9ca2c6b0656165218e85b5fbae 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128ccm12-aesxcbc-modp2048!
-       esp=aes128ccm12-modp2048!
+       ike=aes128ccm12-aesxcbc-curve25519!
+       esp=aes128ccm12-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf

index f295f159aa22bf05729b41a09c7bd25dac142c02..ffe6974db676b4db0ff6e7af4093686d37d20f52 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ccm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-ctr/description.txt b/testing/tests/ikev2/alg-aes-ctr/description.txt

index edb601b613f4d6977541e977a67b118642cd8a0d..1ac6b4cd1b320d00c880008acd95e0ca38e966e5 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ctr/description.txt
+++ b/testing/tests/ikev2/alg-aes-ctr/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
-<b>AES_CTR_128</b> both for IKE and ESP by defining <b>ike=aes128ctr-aesxcbc-modp2048</b>
-and <b>esp=aes128ctr-aesxcbc-modp2048</b> in ipsec.conf, respectively.
+<b>AES_CTR_128</b> both for IKE and ESP by defining <b>ike=aes128ctr-aesxcbc-curve25519</b>
+and <b>esp=aes128ctr-aesxcbc-curve25519</b> in ipsec.conf, respectively.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf

index 3be20c613724b343a4bd5546f113e5149283226c..1650861507df75e41fd518de2b3561dba3933472 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128ctr-aesxcbc-modp2048!
-       esp=aes128ctr-aesxcbc-modp2048!
+       ike=aes128ctr-aesxcbc-curve25519!
+       esp=aes128ctr-aesxcbc-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf

index cae7e00ca5de91ac9f6b9797fb46c3a632692d15..c6ef5d79538223be684197d1eaff2681e299d744 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ctr stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf

index 1cf16ee38b7b66cd8466129e232ae23af93b881b..73afe9874b039b41d264bc6b1ea5e663e2f435ac 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128ctr-aesxcbc-modp2048!
-       esp=aes128ctr-aesxcbc-modp2048!
+       ike=aes128ctr-aesxcbc-curve25519!
+       esp=aes128ctr-aesxcbc-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf

index cae7e00ca5de91ac9f6b9797fb46c3a632692d15..3ec3f00780ee0ab4a18188a15ac14b296c27b89d 100644 (file)
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc ctr stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-gcm/description.txt b/testing/tests/ikev2/alg-aes-gcm/description.txt

index 2afcecd689a0e29f768c0705b1a75a08f0849422..ccf32fc3a1a03808493e3b7389cb472e237085c7 100644 (file)
--- a/testing/tests/ikev2/alg-aes-gcm/description.txt
+++ b/testing/tests/ikev2/alg-aes-gcm/description.txt
@@ -1,5 +1,5 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
-<b>AES_GCM_16_256</b> both for IKE and ESP by defining <b>ike=aes256gcm16-aesxcbc-modp2048</b>
-(or alternatively <b>aes256gcm128</b>) and <b>esp=aes256gcm16-modp2048</b> in ipsec.conf,
+<b>AES_GCM_16_256</b> both for IKE and ESP by defining <b>ike=aes256gcm16-aesxcbc-curve25519</b>
+(or alternatively <b>aes256gcm128</b>) and <b>esp=aes256gcm16-curve25519</b> in ipsec.conf,
  respectively.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf

index 7a808ff651b463c02982f8dea43ddbff32eb6c41..47f8f7f7cdf6c1b065e7fef82e224a5d5a5e17d2 100644 (file)
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes256gcm128-aesxcbc-modp2048!
-       esp=aes256gcm128-modp2048!
+       ike=aes256gcm128-aesxcbc-curve25519!
+       esp=aes256gcm128-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf

index e396bb1996d5854b85a8e741a2d66535bd1b5d66..7cb4496f2964ea2669999da9b3dcf376f6cd8f0a 100644 (file)
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc gcm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf

index 12a35cb8ae80123c27ec60cf12045836cbcd4dee..78ef62115e8daf05988feb6e221a1bcca60d6c08 100644 (file)
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes256gcm16-aesxcbc-modp2048!
-       esp=aes256gcm16-modp2048!
+       ike=aes256gcm16-aesxcbc-curve25519!
+       esp=aes256gcm16-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf

index e396bb1996d5854b85a8e741a2d66535bd1b5d66..35d3c19a208dfeb85d3d714bf74ec45a3753371b 100644 (file)
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc gcm stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-xcbc/description.txt b/testing/tests/ikev2/alg-aes-xcbc/description.txt

index c71d7493f1984205fa0bac1b757180a3d7254520..d69d3d0b6e5430a3cca57fbe2bed4dc352709725 100644 (file)
--- a/testing/tests/ikev2/alg-aes-xcbc/description.txt
+++ b/testing/tests/ikev2/alg-aes-xcbc/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-modp2048!</b>
+<b>AES_CBC_128 / AES_XCBC_96</b> by defining <b>esp=aes128-aesxcbc-curve25519!</b>
  in ipsec.conf. The same cipher suite is used for IKE.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat

index 4b854840435a9afae0c3a3c42647b0449ddbe12e..42bf0764a40719849169f17546dfb8cf6adb8da4 100644 (file)
--- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
@@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
  carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_3072::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/CURVE_25519::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/CURVE_25519::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
  moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
  carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf

index c9e9e92e5679df7bb66736f1738063b01f3ff306..f71f7b347ba591698b10a38aca0ea5c76a8aec48 100644 (file)
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-aesxcbc-modp3072!
-       esp=aes128-aesxcbc-modp3072!
+       ike=aes128-aesxcbc-curve25519!
+       esp=aes128-aesxcbc-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..ce996478c9601a7ed4bd39beb211fc56d3b7ce32 100644 (file)
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf

index 4e4a9324ff434f488493604a4b38dbede1341867..a9ddd6a49d856c2e210057eb3e760f4666764778 100644 (file)
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-aesxcbc-modp3072!
-       esp=aes128-aesxcbc-modp3072!
+       ike=aes128-aesxcbc-curve25519!
+       esp=aes128-aesxcbc-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..69f188e3d2cb309c1be8643e7e5cfec54645db73 100644 (file)
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf

index 1f0fd41a8aadf729a15265d190b46926dc4e1ece..d69a7b8082015cedb3c90645cbf68435ac0b120d 100644 (file)
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf

index 1f0fd41a8aadf729a15265d190b46926dc4e1ece..a3c9999f771b0d64dfbfc69530f74deb859b2018 100644 (file)
--- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf

index 1f0fd41a8aadf729a15265d190b46926dc4e1ece..a3c9999f771b0d64dfbfc69530f74deb859b2018 100644 (file)
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..3f132738762fedae033e1076a1c31668383717cf 100644 (file)
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-sha256-96/description.txt b/testing/tests/ikev2/alg-sha256-96/description.txt

index e1d59162555beb7e5d474d7e419a84cac5f327f2..9e5321eb620fc9fa433f801f64853ecd9b38096e 100644 (file)
--- a/testing/tests/ikev2/alg-sha256-96/description.txt
+++ b/testing/tests/ikev2/alg-sha256-96/description.txt
@@ -1,5 +1,5 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
  <b>AES_CBC_128 / HMAC_SHA2_256_96</b> which uses 96 bit instead of the 
  standard 128 bit truncation, allowing compatibility with Linux kernels older than 2.6.33 
-by defining <b>esp=aes128-sha256_96-modp2048!</b> in ipsec.conf.
+by defining <b>esp=aes128-sha256_96-curve25519!</b> in ipsec.conf.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat

index c5ea03f4cbabfacd1138dec0b85ba528c1b17002..42e7b9335e58c6a83cee29eb83527d21cf12e6e4 100644 (file)
--- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
  moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES
  carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES
-moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
  moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
  carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf

index 90a143678a383a2cb4fbd9a9ac0ba8e35c3984bf..e2557dc0b0be667a5352aee27b83764a58b0a2f4 100644 (file)
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha256-modp3072!
-       esp=aes128-sha256_96-modp3072!
+       ike=aes128-sha256-curve25519!
+       esp=aes128-sha256_96-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf

index adc0ab9fbe7928e2a2e5508df3227ad11da2812e..a3837a4ceb1cabdc1ef38b9f033d689cd117a8c8 100644 (file)
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    send_vendor_id = yes
  }
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf

index e0b2625c06701f92c92b30f0bcb7a8240fc3bcf5..c1d8d33ce51f7d540280a2dd840272879414aaab 100644 (file)
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha256-modp3072!
-       esp=aes128-sha256_96-modp3072!
+       ike=aes128-sha256-curve25519!
+       esp=aes128-sha256_96-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf

index adc0ab9fbe7928e2a2e5508df3227ad11da2812e..55a6df151fc732a6a37fedce4383a0d13c066242 100644 (file)
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    send_vendor_id = yes
  }
diff --git a/testing/tests/ikev2/alg-sha256/description.txt b/testing/tests/ikev2/alg-sha256/description.txt

index 826a8f10ba13b8bf3bc71b0c345ef7144db7adef..f7e53913c120c3c2bb06eeb9e8a571135b20fabe 100644 (file)
--- a/testing/tests/ikev2/alg-sha256/description.txt
+++ b/testing/tests/ikev2/alg-sha256/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b>
+<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-curve25519!</b>
  in ipsec.conf. The same cipher suite is used for IKE.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat

index 8bfcbc428345a2d19a8bf442f7055288551f26ae..f47852b34df5058f36446b882c927c947c71d8f6 100644 (file)
--- a/testing/tests/ikev2/alg-sha256/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha256/evaltest.dat
@@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
  carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
  moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
  carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf

index 6890ea4580675967228cfaf26778b9dcffc5a008..1bae9405c0b2fb71fd65ef6322685381dd763119 100644 (file)
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha256-modp3072!
-       esp=aes128-sha256-modp3072!
+       ike=aes128-sha256-curve25519!
+       esp=aes128-sha256-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf

index 5831118931cab3cd22fb85a1aa70c1ec6805ee81..1a1d99adfdcd499019c39cd0b1babe38602c74de 100644 (file)
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha256-modp3072!
-       esp=aes128-sha256-modp3072!
+       ike=aes128-sha256-curve25519!
+       esp=aes128-sha256-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-sha384/description.txt b/testing/tests/ikev2/alg-sha384/description.txt

index 2255fe8fbb6ecd275a3f2616e890f1899d7243f4..f96ea5c4f2b2f8c4b56a58ca35c1d3247dcc25e2 100644 (file)
--- a/testing/tests/ikev2/alg-sha384/description.txt
+++ b/testing/tests/ikev2/alg-sha384/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b>
+<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-curve25519!</b>
  in ipsec.conf. The same cipher suite is used for IKE.
  A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat

index 1148a182e68bdc1935a03365eb57f0e0990cbc20..56d862e1e533351407e92f8986d763112821f1dc 100644 (file)
--- a/testing/tests/ikev2/alg-sha384/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha384/evaltest.dat
@@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
  carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_25519::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
  moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
  carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf

index e02d90b786d7b6fb2bbbdfa5520de08aeee7e1f6..ddeb092e0c07b5dc7ba0b43e6c080925826a40c2 100644 (file)
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes192-sha384-modp3072!
-       esp=aes192-sha384-modp3072!
+       ike=aes192-sha384-curve25519!
+       esp=aes192-sha384-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf

index 990fce1d0a60d405d3ca298919101cc9b1bb33ce..8041548343266e729626e953746db9a5c784a6ed 100644 (file)
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes192-sha384-modp3072!
-       esp=aes192-sha384-modp3072!
+       ike=aes192-sha384-curve25519!
+       esp=aes192-sha384-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..3f132738762fedae033e1076a1c31668383717cf 100644 (file)
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf

index fed33db4cf44949395bf66fbbd46f84f1debb928..d4085e6a4edd118c0df2d78f156d47a543e6ba50 100644 (file)
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf

index fed33db4cf44949395bf66fbbd46f84f1debb928..d4085e6a4edd118c0df2d78f156d47a543e6ba50 100644 (file)
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf

index fed33db4cf44949395bf66fbbd46f84f1debb928..d4085e6a4edd118c0df2d78f156d47a543e6ba50 100644 (file)
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf

index fed33db4cf44949395bf66fbbd46f84f1debb928..d4085e6a4edd118c0df2d78f156d47a543e6ba50 100644 (file)
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf

index 5d1c35cc2c7526b015a004bfd8299bd144931978..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf

index 5d1c35cc2c7526b015a004bfd8299bd144931978..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf

index de6bda2d139f926b50481cf21687f32fe680430c..b8817fe13472bcad8c7b36bbc0e1c4602a2a21e4 100644 (file)
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
  
    dns1 = PH_IP_WINNETOU
    dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf

index 269e1a5d97a69cf161bce222eb8416c84a053c6d..448093f9f5518cb6c16efd4229fbfd7defbf3348 100644 (file)
--- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
    
diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf

index a2bdf799f6933e1115d381feb4e1d8fba2dd876f..dbcb7a368fdc578b9f969cb317928ec4fb6046de 100644 (file)
--- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf

index ea1b90593be701da6c3a7a8a1c696c9651485055..82118b4101a41a1397511536f36671c821e85a5f 100644 (file)
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  
    cache_crls = yes
  }
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf

index d0c3f8c499e5755970ad85467d172c37100fd155..a9c6e8d4e6dec049eccbf247f653bf28e8216663 100644 (file)
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf

index d0c3f8c499e5755970ad85467d172c37100fd155..a9c6e8d4e6dec049eccbf247f653bf28e8216663 100644 (file)
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf

index ea1b90593be701da6c3a7a8a1c696c9651485055..82118b4101a41a1397511536f36671c821e85a5f 100644 (file)
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  
    cache_crls = yes
  }
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf

index 1c7c270df379e8bc604a1273e3f0d044227b1675..c4a0ff8bbfe3d01d91d05dbb04a2ed5da483e261 100644 (file)
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp
+
    plugins {
      dhcp {
        server = 10.1.255.255
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf

index 1c7c270df379e8bc604a1273e3f0d044227b1675..c4a0ff8bbfe3d01d91d05dbb04a2ed5da483e261 100644 (file)
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp
+
    plugins {
      dhcp {
        server = 10.1.255.255
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf

index d96d1d74e0b9f33dbabcec3395c6c3f9eab741f0..0883bf0581ae1adb02f7fc94b97ff87700dcee98 100644 (file)
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp
+
    plugins {
      dhcp {
        server = 10.1.255.255
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf

index 4ccce1f6ae4c27dc08c06d54682122d0240f22be..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
-
-  dh_exponent_ansi_x9_42 = no
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt

index 823ec253dfce82795a049634f4c340be0a7053bf..0d5eb10152538e07c746e93f0b7fffacb8feb744 100644 (file)
--- a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
@@ -1,4 +1,4 @@
  Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
-ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b>
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-curve25519!</b>
  in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
  the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf

index 8f5b77cac33124cb6834306f8f2213e84a39ed07..95edc62a7ddf8a081527f6bc05443235b67c535d 100644 (file)
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes256-aesxcbc-modp2048!
-       esp=aes256gmac-modp2048!
+       ike=aes256-aesxcbc-curve25519!
+       esp=aes256gmac-curve25519!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..ce996478c9601a7ed4bd39beb211fc56d3b7ce32 100644 (file)
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf

index d41ba72e81b4cd8f14d8a66f0c1384751113fd9a..c3042f2b349a805c0013278559a0935e34e25a21 100644 (file)
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes256-aesxcbc-modp2048!
-       esp=aes256gmac-modp2048!
+       ike=aes256-aesxcbc-curve25519!
+       esp=aes256gmac-curve25519!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..69f188e3d2cb309c1be8643e7e5cfec54645db73 100644 (file)
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation xcbc stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..2c4f3fc214150d4bf636f4031e89b56fd0c7e73f 100644 (file)
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..2c4f3fc214150d4bf636f4031e89b56fd0c7e73f 100644 (file)
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat

index d9888a15d718f8584870122a6ce61d4dea8db7c8..b80e9f781c6e53f66e13840b25b7df0fa37b8fa1 100644 (file)
--- a/testing/tests/ikev2/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat
@@ -3,9 +3,9 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
  moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
  carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
  carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
-carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA2_256_128::YES
  moon:: ip xfrm state::enc ecb(cipher_null)::YES
  carol::ip xfrm state::enc ecb(cipher_null)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 176::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 176::YES
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf

index 1d8509115cd1f1473873b5a0c7be62177e96dd79..e367cbf4a1154548a6ad582d513f588693afe678 100644 (file)
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha1-modp2048!
-       esp=null-sha1!
+       ike=aes128-sha256-curve25519!
+       esp=null-sha256!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf

index 38f8bd619ecb8869fb72454f4b6d94314033c97e..84cad9a81d7e178931e0dff7f6d3e7dc9ccf5a21 100644 (file)
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha1-modp2048!
-       esp=null-sha1!
+       ike=aes128-sha256-curve25519!
+       esp=null-sha256!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf

index 52629873e1fc369cd66579fd62b0bab50ae34ec5..043c3d79f60d3b5674fffe98f07dfb6b8b3c4fe2 100644 (file)
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
@@ -8,7 +8,7 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha1-modp1536!
+       ike=aes128-sha1-modp2048!
         esp=aes128-sha1_160!
  
  conn home
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..3f132738762fedae033e1076a1c31668383717cf 100644 (file)
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf

index d4cc3fbaf0b04cb06223e09f28f9ae944a0813a1..86819631b034caae6a280d453a50091bb6760ad0 100644 (file)
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
@@ -8,7 +8,7 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha1-modp1536!
+       ike=aes128-sha1-modp2048!
         esp=aes128-sha1_160!
  
  conn rw
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..be00a11eb21f7218f2a810cbf63fccb56a365528 100644 (file)
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf

index eaaf8bd96a5489704fc4f6180786be90de0736de..e34ca9da793fb96f57a2c82d26f12d2a71ac2da3 100644 (file)
--- a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr farp
    dns1 = PH_IP_WINNETOU
    dns2 = PH_IP_VENUS
  }
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf

index 986ef32de95214f52115bca275c36bef31f66845..9cd6f687d5946486025f91a57a5cec7984e4338b 100644 (file)
--- a/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr forecast
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr forecast
+
    syslog {
      daemon {
        net = 2
diff --git a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf

new file mode 100644 (file)

index 0000000..3738301
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation pubkey curve25519 gmp curl kernel-netlink socket-default updown stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf

index 1311e5b27d6324aac47303684d7077ba8f19fbcc..e3fc4d707e90362f6f7ec2ea13b5fad975275326 100644 (file)
--- a/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default connmark
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default connmark
  }
diff --git a/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf

new file mode 100644 (file)

index 0000000..3738301
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation pubkey curve25519 gmp curl kernel-netlink socket-default updown stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf

new file mode 100644 (file)

index 0000000..281da12
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf

new file mode 100644 (file)

index 0000000..281da12
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf

new file mode 100644 (file)

index 0000000..281da12
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 curve25519 gmp x509 curl revocation kernel-netlink socket-default updown stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..0fbefa3fc2f7c2fe6e357f6b108dc6a283163d77 100644 (file)
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf

index 7d97dd22928457b2df745080678b3a9ba8347b5a..c22405914f76e2493070abe496956926081f1a09 100644 (file)
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown
  
    plugins {
      attr-sql {
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf

index 7d97dd22928457b2df745080678b3a9ba8347b5a..c22405914f76e2493070abe496956926081f1a09 100644 (file)
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown
  
    plugins {
      attr-sql {
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..f0b74a743190b3688aae5d678f7f56089ffeddee 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf

index b238646aca846e2b0b14092724bfd626ae09f416..1664d55aa38dd14734b77dd070742aa1ddaea126 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown
  
    plugins {
      attr-sql {
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf

index 7b81476e9555a2f5dabbb27feb6121c706c8dfc8..729db452677b6af786714a2d06235bb4ca21cc7c 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
  }
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf

index b238646aca846e2b0b14092724bfd626ae09f416..1664d55aa38dd14734b77dd070742aa1ddaea126 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown
  
    plugins {
      attr-sql {
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf

index da157a5ee311a01e85548eb4b62eb06b47f8dccb..db9ab464bdbf3228490d6f77c92986077981edab 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite attr-sql
  
    plugins {
      attr-sql {
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..952df5e67a672e79bc9de156d92f0e942e3a0f2d 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..952df5e67a672e79bc9de156d92f0e942e3a0f2d 100644 (file)
--- a/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf

index af1bc1851ff6fece02852bdf0e818378c567196b..cabe702e50627bc93d0c264d6c760f67a947a104 100644 (file)
--- a/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown lookip
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown lookip
  }
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf

index 414eebaa06880527d5913613e66987027325be1e..5615f44910f66831892c5397e914daf3ba5b7eb1 100644 (file)
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
  }
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf

index 414eebaa06880527d5913613e66987027325be1e..51614f7163eff75ed329d582d27c2fe2aa253444 100644 (file)
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
  }
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf

index 710c38b9ea9da2e1e9d89dd6673246c0e3fe8f1d..aab6993ceb47bb3e62bcd06202ab18280e6a4ed6 100644 (file)
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+
    plugins {
      eap-radius {
        secret = gv6URkSs
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf

index 91ded373349ddee0c3863d7e4525f5d6df109081..fa36317e7a504d703a75377446f818bef576b760 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf

index 91ded373349ddee0c3863d7e4525f5d6df109081..fa36317e7a504d703a75377446f818bef576b760 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf

index d0c3f8c499e5755970ad85467d172c37100fd155..2881b73c5f725a6246b485bc866414b2ec1dabb9 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 ldap revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf

index 0431c5d1f30c11a950103010e036044ba24f257f..3038f522dfecdf4e000feda3eece46d56b78d87c 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce constraints x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp constraints x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf

index 8d3610bd6341afebb44b303206e249c596e04dda..0b6834b164db755de06a97c5d0a256cbedf2eb3d 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation constraints hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation constraints hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf

index 924fd475790fa9b940875a7ddf1dd2ddf6e80db0..f6cb39c781248f6fbf3a504fe874cb6e2800e6d0 100644 (file)
--- a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf

index 924fd475790fa9b940875a7ddf1dd2ddf6e80db0..f6cb39c781248f6fbf3a504fe874cb6e2800e6d0 100644 (file)
--- a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf

index 924fd475790fa9b940875a7ddf1dd2ddf6e80db0..f6cb39c781248f6fbf3a504fe874cb6e2800e6d0 100644 (file)
--- a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf

index 0387fdfe97d1f4c39f15993a112a91ae15faf16a..9d07c88e40d04298e0018e9385b871f491ebda24 100644 (file)
--- a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf

index 2127105da5b43a7732fdb7abc3a3c5962bf9bd19..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf

index 0387fdfe97d1f4c39f15993a112a91ae15faf16a..9d07c88e40d04298e0018e9385b871f491ebda24 100644 (file)
--- a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-ah/description.txt b/testing/tests/ikev2/net2net-ah/description.txt

index a8ac7ee6b7ce314b627c9f6e4eaf383cab465924..7816aa275684a36abb3016f5a1374a59674ad130 100644 (file)
--- a/testing/tests/ikev2/net2net-ah/description.txt
+++ b/testing/tests/ikev2/net2net-ah/description.txt
@@ -1,7 +1,7 @@
  A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-With <b>ah=sha1-md5</b> gateway <b>moon</b> proposes the use of an
-<b>AH proposal</b>. Gateway <b>sun</b> selects SHA1 for integrity protection
-with its <b>ah=sha1!</b> configuration.
+With <b>ah=sha256-sha384!</b> gateway <b>moon</b> proposes the use of <b>AH</b>.
+Gateway <b>sun</b> selects SHA2_256_128 for integrity protection with its <b>ah=sha256!</b>
+configuration.
  <p/>
  Upon the successful establishment of the AH CHILD SA, client <b>alice</b> behind
  gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/net2net-ah/evaltest.dat b/testing/tests/ikev2/net2net-ah/evaltest.dat

index 1cfc450e700e5e30f679b8b986eb181071c358ce..69a7165cf8d844b00665ae28a79e85e39978c5d4 100644 (file)
--- a/testing/tests/ikev2/net2net-ah/evaltest.dat
+++ b/testing/tests/ikev2/net2net-ah/evaltest.dat
@@ -1,5 +1,5 @@
-sun::  cat /var/log/daemon.log::received proposals: AH:HMAC_SHA1_96/HMAC_MD5_96/NO_EXT_SEQ::YES
-sun::  cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA1_96/NO_EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::received proposals: AH:HMAC_SHA2_256_128/HMAC_SHA2_384_192/NO_EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::selected proposal: AH:HMAC_SHA2_256_128/NO_EXT_SEQ::YES
  moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
  sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
  moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
@@ -7,5 +7,5 @@ sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: AH::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: AH::YES
-moon::ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
-sun:: ipsec statusall 2> /dev/null::HMAC_SHA1_96::YES
+moon::ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES
+sun:: ipsec statusall 2> /dev/null::HMAC_SHA2_256_128::YES
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf

index 60211955304f0262ea070cd8884dd32cbb6ca086..7af65a55d200329cb84887fc056a34264af88745 100644 (file)
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -5,8 +5,8 @@ config setup
  
  conn %default
         keyexchange=ikev2
-       ike=aes128-sha1-modp1536!
-       ah=sha1-md5
+       ike=aes128-sha256-modp3072!
+       ah=sha256-sha384!
  
  conn net-net
         left=PH_IP_MOON
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf

index 3f1ee599136f47992a614c91e6b537923ad52bdf..82da6cb7a730b78de23bbb29d4b8a8e1ec0b8ad7 100644 (file)
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -5,8 +5,8 @@ config setup
  
  conn %default
         keyexchange=ikev2
-       ike=aes128-sha1-modp1536!
-       ah=sha1!
+       ike=aes128-sha256-modp3072!
+       ah=sha256!
  
  conn net-net
         left=PH_IP_SUN
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf

index 2127105da5b43a7732fdb7abc3a3c5962bf9bd19..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf

index 2127105da5b43a7732fdb7abc3a3c5962bf9bd19..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf

index 6e5c240637ba0c5bd0bf7459e56f78a6d86d2486..2cb7f03e014d908331f2317c18e904882188fa03 100644 (file)
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
    signature_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf

index 6e5c240637ba0c5bd0bf7459e56f78a6d86d2486..2cb7f03e014d908331f2317c18e904882188fa03 100644 (file)
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
    signature_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf

index d5ac379377d08b6affc806b3baa7ce5c79a454d4..b73dd8a5fc67580cba278d9396cfde6d9df020e6 100644 (file)
--- a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown
  
    plugins {
      dnscert {
diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf

index d5ac379377d08b6affc806b3baa7ce5c79a454d4..b73dd8a5fc67580cba278d9396cfde6d9df020e6 100644 (file)
--- a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound dnscert random nonce x509 curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default stroke updown
  
    plugins {
      dnscert {
diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf

index 58deb25f01c786cafcdd48e429ff1348c898d01d..d4c8c5595c6c43ccbdf7c84a8a39756642511ae8 100644 (file)
--- a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound ipseckey random nonce curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default stroke updown
  
    plugins {
      ipseckey {
diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf

index 58deb25f01c786cafcdd48e429ff1348c898d01d..d4c8c5595c6c43ccbdf7c84a8a39756642511ae8 100644 (file)
--- a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey unbound ipseckey random nonce curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default stroke updown
  
    plugins {
      ipseckey {
diff --git a/testing/tests/ikev2/net2net-esn/description.txt b/testing/tests/ikev2/net2net-esn/description.txt

index da847b6a486e7d929644582e56aaf0cede4570b3..c9da6820bf91214fc0271cc3ecddb0bd34168cfb 100644 (file)
--- a/testing/tests/ikev2/net2net-esn/description.txt
+++ b/testing/tests/ikev2/net2net-esn/description.txt
@@ -1,7 +1,7 @@
  A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-With <b>esp=aes128-sha1-esn-noesn!</b> gateway <b>moon</b> proposes the use of
+With <b>esp=aes128-sha256-esn-noesn!</b> gateway <b>moon</b> proposes the use of
  <b>Extended Sequence Numbers</b> but can also live without them. Gateway <b>sun</b>
-defines <b>esp=aes128-sha1-esn!</b> and thus decides on the use of ESN.
+defines <b>esp=aes128-sha256-esn!</b> and thus decides on the use of ESN.
  <p/>
  Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind
  gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> 10 times.
diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat

index 63058eb885e91494e7a8d38cd3f9ed4c47774128..534ace9e1ba18b2dd4f588686df85dd289a2bdb6 100644 (file)
--- a/testing/tests/ikev2/net2net-esn/evaltest.dat
+++ b/testing/tests/ikev2/net2net-esn/evaltest.dat
@@ -1,5 +1,5 @@
-sun::  cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES
-sun::  cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ::YES
+sun::  cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ::YES
  sun::  cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
  moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
  moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
@@ -11,6 +11,6 @@ moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
  alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
-sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES
+sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA2_256_128/ESN::YES
  
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf

index 3418e63c4e777104ae34babeb934cc3f0e64261a..8cce0c9573bcf8889ae69ada4de751dc953516ef 100644 (file)
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -9,8 +9,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha1-modp1536!
-       esp=aes128-sha1-esn-noesn!
+       ike=aes128-sha256-modp3072!
+       esp=aes128-sha256-esn-noesn!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf

index f0b6c906fe0c699263e8dda609b1544e1e98b303..1fd5ddb03abdcdb69a101a9d1f8ddd93dbdc2d55 100644 (file)
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -9,8 +9,8 @@ conn %default
         rekeymargin=3m
          keyingtries=1
         keyexchange=ikev2
-       ike=aes128-sha1-modp1536!
-       esp=aes128-sha1-esn!
+       ike=aes128-sha256-modp3072!
+       esp=aes128-sha256-esn!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..02ae5affa7f0c58753a2483a0026b4fa8bd7a227 100644 (file)
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf

index 8cc4192c66d1201055c3ec8440d0e33702174608..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
-  dh_exponent_ansi_x9_42 = no
  }
diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf

index 8cc4192c66d1201055c3ec8440d0e33702174608..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
@@ -1,8 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
-  dh_exponent_ansi_x9_42 = no
  }
diff --git a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf

index db2698dbfca83296b93233f3c75ff0fdbdefc9c8..904a5fa6eead003206632123adef745ac7a900be 100644 (file)
--- a/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default forecast
  
    multiple_authentication = no
    plugins {
diff --git a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf

index db2698dbfca83296b93233f3c75ff0fdbdefc9c8..904a5fa6eead003206632123adef745ac7a900be 100644 (file)
--- a/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default forecast
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default forecast
  
    multiple_authentication = no
    plugins {
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf

index 867949da436778f886347186cc15df606598c9cb..49077484af870c7f954ef908c11b70954d046b7b 100644 (file)
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
    send_vendor_id = yes
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf

index e39c9222ebb5444a798c84811e149b166eb9b846..1dcbd6c277e2d201096d0a04c629c5b1c042bf3a 100644 (file)
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
    send_vendor_id = yes
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf

index 3925d92a4cf1970fa29c5c91005ead6980428c54..38df6a91972abbfd0c9afec279144437241344c9 100644 (file)
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
  
    multiple_authentication = no
    send_vendor_id = yes
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf

index a4cfc6168fedd8c3e7a7e727ff3be9f57460dbfa..0b31f738c43a6aadbcb401825d8d759fbec5f617 100644 (file)
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
    send_vendor_id = yes
  }
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf

index 8accff27ca42bca1088ddc6d3f2bd16862e657f7..a76d6017e8d64eb3443111fc872d632fb9acff44 100644 (file)
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
+  load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf

index 8accff27ca42bca1088ddc6d3f2bd16862e657f7..a76d6017e8d64eb3443111fc872d632fb9acff44 100644 (file)
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
+  load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf

index 8accff27ca42bca1088ddc6d3f2bd16862e657f7..7e5328760bd05aae48538a00b56a9fcecfb98d8c 100644 (file)
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf

index 8accff27ca42bca1088ddc6d3f2bd16862e657f7..7e5328760bd05aae48538a00b56a9fcecfb98d8c 100644 (file)
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf

index 92e758d35f9bd0a6484a54515b14223ffca857d7..4494daee7e447607e52835579a024b2a6a7afbf7 100644 (file)
--- a/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf

index 92e758d35f9bd0a6484a54515b14223ffca857d7..4494daee7e447607e52835579a024b2a6a7afbf7 100644 (file)
--- a/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 rc2 pem pkcs1 pkcs7 pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf

index 5d04d3e996aab73bce7bae2caa5dec432a36b179..3cf8c8807b5c384eb3a08aa9fe3a44d779f027db 100644 (file)
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf

index 5d04d3e996aab73bce7bae2caa5dec432a36b179..3cf8c8807b5c384eb3a08aa9fe3a44d779f027db 100644 (file)
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac xcbc curl stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf

index 5db4358d62c24ea0b799d2d3828edef0d66e5106..1188d686d957fe30df4c70962fafe05c4bbdb1e6 100644 (file)
--- a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf

index 5db4358d62c24ea0b799d2d3828edef0d66e5106..1188d686d957fe30df4c70962fafe05c4bbdb1e6 100644 (file)
--- a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf

index 5db4358d62c24ea0b799d2d3828edef0d66e5106..1188d686d957fe30df4c70962fafe05c4bbdb1e6 100644 (file)
--- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf

index 5db4358d62c24ea0b799d2d3828edef0d66e5106..1188d686d957fe30df4c70962fafe05c4bbdb1e6 100644 (file)
--- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf

index 3cd90047f2176eb34fd5b917c045c9f516417e3b..4cc2e21c6452bcb4662f084d48a132623dee899c 100644 (file)
--- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
  }
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf

index 3cd90047f2176eb34fd5b917c045c9f516417e3b..4cc2e21c6452bcb4662f084d48a132623dee899c 100644 (file)
--- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
  }
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf

index f1b3fb77fabb6ef637c9d462d16a62b28d404198..18ed6a4c42711a4bdaa9854d991e8a73d83515fd 100644 (file)
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf

index f1b3fb77fabb6ef637c9d462d16a62b28d404198..18ed6a4c42711a4bdaa9854d991e8a73d83515fd 100644 (file)
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf

index e1efec8661f5d2e55ac72c6eeb11d4271c4aec6a..045e3a0827000dbc07bb50651cb006a9f960d432 100644 (file)
--- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
  }
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf

index e1efec8661f5d2e55ac72c6eeb11d4271c4aec6a..045e3a0827000dbc07bb50651cb006a9f960d432 100644 (file)
--- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
  }
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf

index ddba8b19955d3d5e4e3c76ed6b3c6f03a39f84c5..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..48e8fc6ff750e65ba83397787b96d1b96c9d62ba 100644 (file)
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf

index f89437e434fade18929a86f27657f3082a48c86b..1f0c2fad4cfb7f42f29a644c7186d6267a373695 100644 (file)
--- a/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    make_before_break = yes
  }
diff --git a/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf

index f89437e434fade18929a86f27657f3082a48c86b..1f0c2fad4cfb7f42f29a644c7186d6267a373695 100644 (file)
--- a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    make_before_break = yes
  }
diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf

index f89437e434fade18929a86f27657f3082a48c86b..1f0c2fad4cfb7f42f29a644c7186d6267a373695 100644 (file)
--- a/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    make_before_break = yes
  }
diff --git a/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf

index 6f7f4c4cb9e4bf28bf18b57c04c56f3629efc34c..db3b535423fe2fffc0e2547ea2d0836bfdf0178f 100644 (file)
--- a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown vici
  }
  
diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf

index e58af9efdec3f9a75255ab08e7eb3af0c262ce12..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf

index ecbad665cce309ffc50b09d84eb229e67b4b41fe..16a0a8ca0c7c3a92f9284595ed22b45f0c8ceeed 100644 (file)
--- a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf

index 7c415b1eeb96c6d4ada249107e5a7a86e1bb94f0..16a0a8ca0c7c3a92f9284595ed22b45f0c8ceeed 100644 (file)
--- a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
  
diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat

index be78c51259f19e761bf87270f51fb494f486db9a..849d59a4e3095fcfde5f63e16223d94a46bf1336 100644 (file)
--- a/testing/tests/ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/ikev2/rw-cert/evaltest.dat
@@ -12,4 +12,3 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
  moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
  moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf

index 6a6d39899050904781601b59fdfba5468d2dcd31..520eb71eef4be23f4caa247972e11aafb0a5ab48 100644 (file)
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
  
    integrity_test = yes
    crypto_test {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf

index 6a6d39899050904781601b59fdfba5468d2dcd31..520eb71eef4be23f4caa247972e11aafb0a5ab48 100644 (file)
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
  
    integrity_test = yes
    crypto_test {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf

index 6a6d39899050904781601b59fdfba5468d2dcd31..520eb71eef4be23f4caa247972e11aafb0a5ab48 100644 (file)
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
  
    integrity_test = yes
    crypto_test {
diff --git a/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf

index 825af9dd06a32ebcd1eb07b1580d3a9496a3a249..29fa36133d4f99f17f61b48ad4a09953467d89d9 100644 (file)
--- a/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve
  
    plugins {
      ipseckey {
diff --git a/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf

index 825af9dd06a32ebcd1eb07b1580d3a9496a3a249..0d3c7b781cab541e69f3c393f2384a5d6c610468 100644 (file)
--- a/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac stroke kernel-netlink socket-default updown resolve
  
    plugins {
      ipseckey {
diff --git a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf

index 644ac3d6ac82732081823aea4de50b884005c7d5..fa853d435fbfbecd3e63fff8c94f78ce72541b72 100644 (file)
--- a/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 dnskey pubkey unbound ipseckey gmp random nonce hmac stroke kernel-netlink socket-default updown attr
+  load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac stroke kernel-netlink socket-default updown attr
  
    dns1 = PH_IP_WINNETOU
    dns2 = PH_IP_VENUS
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf

index 32446b8c59835ad5ed51e2c5310a3c084e40bc4b..364b8c0fc5edc97b8582b11f33fb724d99b7d27c 100644 (file)
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf

index 32446b8c59835ad5ed51e2c5310a3c084e40bc4b..364b8c0fc5edc97b8582b11f33fb724d99b7d27c 100644 (file)
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf

index b3d3510d0584db6233ef9a8e36ce429b52dd4505..a919d68ec2b62f7760da74279f739a18452a4841 100644 (file)
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
  
    integrity_test = yes
  }
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf

index b3d3510d0584db6233ef9a8e36ce429b52dd4505..a919d68ec2b62f7760da74279f739a18452a4841 100644 (file)
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
  
    integrity_test = yes
  }
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf

index c54efe5688872a586cedbf8728de8e3265c24a82..f399dfbf1e19a6f95299fc165a92e5491635929e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
  }
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf

index decdc7ecde191d0f083d164a9093a3526df57244..43e0ef3cafb69b720a4b6ab94561db03a619ef17 100644 (file)
--- a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
  }
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf

index 75c8ad3f37c495b0735ad8581b6f599188287026..407683a43b56f56c021986fc29c22a5112849f2e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-md5 eap-tls eap-dynamic updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown
  
    plugins {
      eap-dynamic {
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf

index 6cdad0a921ed965d49518afc1e26043a33687fa6..1479e3004598615d73ff2fa5a166bb9e4b777e45 100644 (file)
--- a/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
+
    plugins {
      eap-radius {
        class_group = yes
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf

index 6cdad0a921ed965d49518afc1e26043a33687fa6..1479e3004598615d73ff2fa5a166bb9e4b777e45 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
+
    plugins {
      eap-radius {
        class_group = yes
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..0250ce3b123b1d21858e1404e01c36314abf3ef3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf

index 710c38b9ea9da2e1e9d89dd6673246c0e3fe8f1d..3a8d5c20c2850c3d9a8cca2bf3820e62f481121f 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
+
    plugins {
      eap-radius {
        secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf

index c54efe5688872a586cedbf8728de8e3265c24a82..f399dfbf1e19a6f95299fc165a92e5491635929e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf

index 6de89b826aa35b37364e79bac6911528023c0d84..6d37fbb9d6ee22c610092206c189f27487f61a23 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+
    plugins {
      eap-radius {
        secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf

index c54efe5688872a586cedbf8728de8e3265c24a82..f399dfbf1e19a6f95299fc165a92e5491635929e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
  }
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf

index c54efe5688872a586cedbf8728de8e3265c24a82..f399dfbf1e19a6f95299fc165a92e5491635929e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
  }
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf

index e48153bce079c5716de783cff9f3236980ebcc50..51eaacbe4289291bdad00d2c130289fc2b672d30 100644 (file)
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+  load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf

index e48153bce079c5716de783cff9f3236980ebcc50..51eaacbe4289291bdad00d2c130289fc2b672d30 100644 (file)
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+  load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf

index ccf3f2c86ffb0ddd7fdc7a5ad452aa9cbba135e8..c8c3f856272f84c9bc3296eb124dfbd9c7471260 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf

index ccf3f2c86ffb0ddd7fdc7a5ad452aa9cbba135e8..c8c3f856272f84c9bc3296eb124dfbd9c7471260 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf

index 5f9465d5c1cc8041bd6bc982e854b1f66649072c..48dcd3068754673e3ab344651112198fe295b48a 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
    multiple_authentication=no
+
    plugins {
      eap-peap {
        phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf

index f97b28fb1942f0f298d12cd8d891ebab7ae335c8..96b9ad0f732fc693532ebd6242fea67c033f3140 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+  load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf

index f97b28fb1942f0f298d12cd8d891ebab7ae335c8..96b9ad0f732fc693532ebd6242fea67c033f3140 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+  load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf

index f2a9c378bbd6d29f66eda61100b7cea710241d8b..e8f76d4435c3735d4147ed134ed34c17e518debf 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+  load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
    multiple_authentication=no
    plugins {
      eap-peap {
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf

index d2989a843d7fafc5234b3993a9522dc8e40f8172..c8c3f856272f84c9bc3296eb124dfbd9c7471260 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf

index d2989a843d7fafc5234b3993a9522dc8e40f8172..c8c3f856272f84c9bc3296eb124dfbd9c7471260 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf

index 3629454ed66d9b95b25f04cf41bf709431c1df44..96815514670b0462a0f829f6ec9ea6ed2b2c6652 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
    multiple_authentication=no
+
    plugins {
      eap-radius {
        secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf

index 414eebaa06880527d5913613e66987027325be1e..51614f7163eff75ed329d582d27c2fe2aa253444 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf

index 710c38b9ea9da2e1e9d89dd6673246c0e3fe8f1d..3a8d5c20c2850c3d9a8cca2bf3820e62f481121f 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
+
    plugins {
      eap-radius {
        secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf

index 1ea5962b91a64c514bbe322f0c97332d100e1ca5..195893a18851b0cb27110f40c3ec1ac5e0ba0adb 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
  }
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf

index 1ea5962b91a64c514bbe322f0c97332d100e1ca5..195893a18851b0cb27110f40c3ec1ac5e0ba0adb 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
  }
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf

index 6de89b826aa35b37364e79bac6911528023c0d84..6725cf8303ab5cc369493d7a2d0925acdb9204a6 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+  load = random nonce aes sha1 sha2 md5 curve25519 hmac stroke kernel-netlink socket-default eap-radius updown
+
    plugins {
      eap-radius {
        secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat

index 960352c51868550ced1c6d269d00172594f16c9d..9614686c270897bc3576e6b726ecb3862b483e2b 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
@@ -1,3 +1,6 @@
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
  moon::iptables-restore < /etc/iptables.rules
  carol::iptables-restore < /etc/iptables.rules
  dave::iptables-restore < /etc/iptables.rules
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf

index 1ea5962b91a64c514bbe322f0c97332d100e1ca5..e78434f8f8c80c7a2b81f13af566b4f603b16322 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
  }
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf

index 1ea5962b91a64c514bbe322f0c97332d100e1ca5..e78434f8f8c80c7a2b81f13af566b4f603b16322 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
  }
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf

index 6de89b826aa35b37364e79bac6911528023c0d84..6d37fbb9d6ee22c610092206c189f27487f61a23 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+
    plugins {
      eap-radius {
        secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf

index a2c3b7154415930e7207251a57e801e1d22e179d..e652c52d7d564ad698c978d557ae37537cd193b3 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
  
    integrity_test = yes
  }
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf

index 1716f912b50921acd15abdba356cb989df99224b..0015835136c32a2e042075feba1a24f9de720b16 100644 (file)
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
  
    integrity_test = yes
  }
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf

index 2fc9f94d3888c28efad5640900e9941b23ac1aed..6b0ab0dccaa1f99a4e0e5f75397100c42c99cd51 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
    multiple_authentication=no
  
    plugins {
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf

index 2fc9f94d3888c28efad5640900e9941b23ac1aed..6b0ab0dccaa1f99a4e0e5f75397100c42c99cd51 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
    multiple_authentication=no
  
    plugins {
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf

index 15101762616ec8b09ae9d0ebfeca649e8aba22db..2261fc3e13bad55a0cbe0480022d6f413dd6ed8e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
  
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf

index 35b6f399ea47bea2bb4d476b5de6a4ea783892a4..8865bd52c42862d6e8bd600ee3ec276ded6925a2 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
  
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf

index 50f0389d391f4e03bd0b25c14046c4f21332fa4e..84d5714820fbb08299a7c01e971677bd0c44c075 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,10 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
    multiple_authentication=no
  }
+
  libtls {
    suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  }
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf

index fbf1617bca11501e1f95e3fb51e297d4bcee580c..783b4c844450d546008a1d491024cfddd517fa61 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
    multiple_authentication=no
+
    plugins {
      eap-radius {
        secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf

index e1a0cee27fcdfb9898f8c0150109da3a335fb6b8..95100269072793310579551c03357d385898ea06 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf

index e1a0cee27fcdfb9898f8c0150109da3a335fb6b8..95100269072793310579551c03357d385898ea06 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf

index 3f7b266a4282ef072f4c68db75c92f2e4846bb5e..242329b3befeabd052fefca60b83ec5c1ab80f99 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
+
    plugins {
      eap-ttls {
        phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf

index d148c4e974e806b917616d1937444f29aa31678a..95100269072793310579551c03357d385898ea06 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf

index d148c4e974e806b917616d1937444f29aa31678a..95100269072793310579551c03357d385898ea06 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf

index 2d85e8c03e959978aefdd20ab55afe9195aff1e1..20afebf816fd70d9d0d3014fb528d831fb1fded5 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
+
    plugins {
      eap-ttls {
        phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf

index e1a0cee27fcdfb9898f8c0150109da3a335fb6b8..1d380c40937168db3c7b4176d02a4a8aa4b993c7 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf

index e1a0cee27fcdfb9898f8c0150109da3a335fb6b8..1d380c40937168db3c7b4176d02a4a8aa4b993c7 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
    multiple_authentication=no
  }
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf

index fbf1617bca11501e1f95e3fb51e297d4bcee580c..96815514670b0462a0f829f6ec9ea6ed2b2c6652 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
    multiple_authentication=no
+
    plugins {
      eap-radius {
        secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf

index 7ea4d88b3443f3b66b315f6c54adbf74c246ac44..9c9714a33c3900c6083a59b1916088f6b5bea5d0 100644 (file)
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf

index 7ea4d88b3443f3b66b315f6c54adbf74c246ac44..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf

index 7ea4d88b3443f3b66b315f6c54adbf74c246ac44..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf

index 73b0885d0076b64417a329dd6566f64d614b4c0f..54b68df4f4ee761a64874d12c0082a1e9cde2ee2 100644 (file)
--- a/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    initiator_only = yes
  }
diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf

index 094e0effa49787b341ff807dab8b35052c18de35..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf

index 094e0effa49787b341ff807dab8b35052c18de35..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf

index d35cb993ad99d927c62ba0925e06394ac1345639..680785b238bf361d98f2c0cca984951921382675 100644 (file)
--- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes des md5 sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf

index d35cb993ad99d927c62ba0925e06394ac1345639..6fab7121c1224820758f4fb093e810a84addbed5 100644 (file)
--- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes des sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf

index 665ef653bee82e3bbd5d5e9cdf6271204e04460d..c58fdbcd755d968876b7fc5afac22ab15d55fbc9 100644 (file)
--- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 pkcs8 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf

index d84cba2b0c6c1a5059a927aa5288216d8b665191..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf

index 924fd475790fa9b940875a7ddf1dd2ddf6e80db0..b91dca901722dde9e911fa580804045e7232a7b6 100644 (file)
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf

index 924fd475790fa9b940875a7ddf1dd2ddf6e80db0..669e299330aa9a70a897894577eeb13f41bc8d63 100644 (file)
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf

index 924fd475790fa9b940875a7ddf1dd2ddf6e80db0..669e299330aa9a70a897894577eeb13f41bc8d63 100644 (file)
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf

index 2a5c62cc26b63ffc2bbc9c9185a73f83c2562ae6..445b100cc39bfb3989b25cbca98b268db36270bb 100644 (file)
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default  eap-md5 eap-identity updown
  }
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf

index a7937edd201153c524ae54a53f38fe699489140a..75418b8a607ef0a2ef2776243e17a6b23379a57b 100644 (file)
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
    plugins {
      eap-radius {
        secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf

index 044d73ac3d53cd3c57e5efcf96397c2558ed8e4b..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf

index 044d73ac3d53cd3c57e5efcf96397c2558ed8e4b..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf

index 044d73ac3d53cd3c57e5efcf96397c2558ed8e4b..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default fips-prf updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf

index 77edd576c341d8a5ae14b8b4a63e2f17d228f00b..6145a963af7d277c0241763d3adee3be3b517135 100644 (file)
--- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac whitelist stroke kernel-netlink socket-default updown
    plugins {
      whitelist {
        enable = yes
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf

index 0387fdfe97d1f4c39f15993a112a91ae15faf16a..9d07c88e40d04298e0018e9385b871f491ebda24 100644 (file)
--- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf

index 2127105da5b43a7732fdb7abc3a3c5962bf9bd19..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf

index 0387fdfe97d1f4c39f15993a112a91ae15faf16a..9d07c88e40d04298e0018e9385b871f491ebda24 100644 (file)
--- a/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf

index 8e685c862ad3844b7505fa6a892cba51bb6a3964..dbcd7d844602828f66918eaf27dd04b7415d921b 100644 (file)
--- a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf

index 8e685c862ad3844b7505fa6a892cba51bb6a3964..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf

index 8e685c862ad3844b7505fa6a892cba51bb6a3964..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf

index 8e685c862ad3844b7505fa6a892cba51bb6a3964..8d89cd0bb344bebbbaf2610b055977fc188a5659 100644 (file)
--- a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..714f868680d2289093bbedc0e99b0295d0ef6ca6 100644 (file)
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf

index 7014c369e8f7c93ac03a1cbb84c0baa91e6ad7a3..7a64dce3033586949eb4732027f3d9f40fe83cc7 100644 (file)
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
  }
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf

index 818f7cde3b9e7fd954c8c71e67ed0fc0254864ed..6cb3ee291e1f939db910343bd4264572b0a5ef69 100644 (file)
--- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -2,7 +2,7 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf

index 818f7cde3b9e7fd954c8c71e67ed0fc0254864ed..6cb3ee291e1f939db910343bd4264572b0a5ef69 100644 (file)
--- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -2,7 +2,7 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf

index a0f83449a3ba1d5ac0c4cb6bac472d66a1ecfb88..00380ccb42e2e1b16d668402d3d146e39c8d7955 100644 (file)
--- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1400
  }
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf

index a0f83449a3ba1d5ac0c4cb6bac472d66a1ecfb88..00380ccb42e2e1b16d668402d3d146e39c8d7955 100644 (file)
--- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1400
  }
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf

index a0f83449a3ba1d5ac0c4cb6bac472d66a1ecfb88..00380ccb42e2e1b16d668402d3d146e39c8d7955 100644 (file)
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1400
  }
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf

index a0f83449a3ba1d5ac0c4cb6bac472d66a1ecfb88..00380ccb42e2e1b16d668402d3d146e39c8d7955 100644 (file)
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1400
  }
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf

index 5f29f522f08ced0c04328159cfa4a331c59ec031..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf

index 1f39ade822073dd6f8b5859597fa06aa03537bd5..7a39a8ae4627929cf0b2a12cf8f3219d34180ad0 100644 (file)
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size=1024
  }
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf

index 268b708df3518770778f4dc8e41e7f7bc02bcaa5..0be55a717d9c23dee22976bf23199f8adf629b0f 100644 (file)
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    install_routes = no
  }
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf

index a1a6e749401a6e38f4be91f3b5b2a20b4e0ac23d..812d52a956804658b877af45f04a34a7feb0fedf 100644 (file)
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    install_routes=no
  }
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf

index 268b708df3518770778f4dc8e41e7f7bc02bcaa5..0be55a717d9c23dee22976bf23199f8adf629b0f 100644 (file)
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    install_routes = no
  }
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf

index a1a6e749401a6e38f4be91f3b5b2a20b4e0ac23d..812d52a956804658b877af45f04a34a7feb0fedf 100644 (file)
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
    install_routes=no
  }
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf

index ec700392b91050f34b93f5b3187c714a85fec22c..4fa0583ed39df2862f96c9ead642c3034ba4c612 100644 (file)
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf

index ec700392b91050f34b93f5b3187c714a85fec22c..4fa0583ed39df2862f96c9ead642c3034ba4c612 100644 (file)
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf

index 5f29f522f08ced0c04328159cfa4a331c59ec031..0835a1605368335e9ddb4c541c5571a6de468128 100644 (file)
--- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf

index 5f29f522f08ced0c04328159cfa4a331c59ec031..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf

index 5f29f522f08ced0c04328159cfa4a331c59ec031..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..9c9714a33c3900c6083a59b1916088f6b5bea5d0 100644 (file)
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..9c9714a33c3900c6083a59b1916088f6b5bea5d0 100644 (file)
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..9c9714a33c3900c6083a59b1916088f6b5bea5d0 100644 (file)
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf

index 699d8fdb1a4e7bc3581a5602907130cd192f2865..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf

index 699d8fdb1a4e7bc3581a5602907130cd192f2865..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf

index 699d8fdb1a4e7bc3581a5602907130cd192f2865..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf

index 699d8fdb1a4e7bc3581a5602907130cd192f2865..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf

index 699d8fdb1a4e7bc3581a5602907130cd192f2865..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf

index 699d8fdb1a4e7bc3581a5602907130cd192f2865..9555143918736bb81b80ef2144699fc06511597c 100644 (file)
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf

index ec700392b91050f34b93f5b3187c714a85fec22c..da170cb15ed16e7c81aec96f734bf5cb446b971d 100644 (file)
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf

index bb9f8222c469349f0ab985be8e413da3393b2c0d..4fa0583ed39df2862f96c9ead642c3034ba4c612 100644 (file)
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random x509 curl nonce revocation addrblock hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf

index ec700392b91050f34b93f5b3187c714a85fec22c..4fa0583ed39df2862f96c9ead642c3034ba4c612 100644 (file)
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf

index 5f29f522f08ced0c04328159cfa4a331c59ec031..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf

index 5f29f522f08ced0c04328159cfa4a331c59ec031..02280ac2f75c526d27733acaee9bccefd8cac053 100644 (file)
--- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  
    fragment_size = 1024
  }
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf

index 82690710b0989c41d1bf5605b8144c21cc5ce360..3a52f0db696297766e34bc380b7288d159681197 100644 (file)
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
  
  charon {
    hash_and_url = yes
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf

index 71180e05b09196c7f97607b5981c10b94c8b2672..c8897b084107c1bcc92d1f307c993c531a1d8146 100644 (file)
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
+
    plugins {
      kernel-netlink {
        fwmark = !0x42
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf

index 71180e05b09196c7f97607b5981c10b94c8b2672..c8897b084107c1bcc92d1f307c993c531a1d8146 100644 (file)
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,8 +1,9 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
+
    plugins {
      kernel-netlink {
        fwmark = !0x42
diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat

index e71456ef71ebe83b85c17ceacadacc2ce6841199..9365a8f44174544c7368296595c8ffd2e4975a66 100644 (file)
--- a/testing/tests/libipsec/net2net-3des/evaltest.dat
+++ b/testing/tests/libipsec/net2net-3des/evaltest.dat
@@ -2,8 +2,8 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
  sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
  moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
  sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES
-sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024::YES
+moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
+sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
  sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf

index f1d328fe5340092f0bfb1011a4a84061c0b29c70..141b4a3ed8ee0622568b20921383ef4c8ebfb74c 100644 (file)
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       ike=3des-sha1-modp1024!
-       esp=3des-sha1-modp1024!
+       ike=3des-sha1-modp2048!
+       esp=3des-sha1-modp2048!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf

index 19d636b3ef7ab5109bd3074ddf2f45dd264215fa..467da3ac9b09450809f30d52cfc5adf940d78371 100644 (file)
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf

index 3bd31c61f08e771fb4f2f7d118ff0060bc67c5ca..0108a04a32cb4cad6bb9381132a3427a819cd2c6 100644 (file)
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
@@ -8,8 +8,8 @@ conn %default
         rekeymargin=3m
          keyingtries=1
         keyexchange=ikev2
-        ike=3des-sha1-modp1024!
-        esp=3des-sha1-modp1024!
+        ike=3des-sha1-modp2048!
+        esp=3des-sha1-modp2048!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf

index 19d636b3ef7ab5109bd3074ddf2f45dd264215fa..467da3ac9b09450809f30d52cfc5adf940d78371 100644 (file)
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf

index 19d636b3ef7ab5109bd3074ddf2f45dd264215fa..fa7c0ece24ab58623673a7f29c0ba2a3a6d30ed6 100644 (file)
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf

index 19d636b3ef7ab5109bd3074ddf2f45dd264215fa..fa7c0ece24ab58623673a7f29c0ba2a3a6d30ed6 100644 (file)
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf

index c283474db84bddf121d298852c174a9effddfb4c..2beff1b76c63af24871557b17e371dbda88c6e98 100644 (file)
--- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = pem pkcs1 random nonce revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf

index c283474db84bddf121d298852c174a9effddfb4c..2beff1b76c63af24871557b17e371dbda88c6e98 100644 (file)
--- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = pem pkcs1 random nonce revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
    multiple_authentication = no
  }
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf

index 8acfbbffa53458e70d61e60bb808f628d1d2f48a..4ab9a617f51deb926adc83c880b38783d725c1c1 100644 (file)
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
  
    initiator_only = yes
  
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf

index 8acfbbffa53458e70d61e60bb808f628d1d2f48a..4ab9a617f51deb926adc83c880b38783d725c1c1 100644 (file)
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
  
    initiator_only = yes
  
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf

index 5f39be37eca972f909c8ce4835adf1626f6fc3d6..d68b6e57a5dc89571a391e87854d986988f721dc 100644 (file)
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = pem pkcs1 pkcs8 random nonce x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+  load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
  
    plugins {
      openssl {
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf

index 58914391c96062a69d511bf13e1daad0a001555a..1527867c7af5dc9dfe5dba507e5d979f2d206486 100644 (file)
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf

index 150c63bc745be4045a0995c9186d7ed1623d487a..ed9410c047e67dd4f032b13e3f0d92ab93489748 100644 (file)
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn home
         left=PH_IP_DAVE
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf

index 5cf82c6b893ba3c87baba64e174a88e8ee777325..359029d027c8a7a495076d76b480cb2e53794295 100644 (file)
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf

index 3b065774f3ca8bb1a7e8fdb683d977d7ea1f0038..24beedd829acb60b6459a3344968c4cbcd5d97b2 100644 (file)
--- a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf

index 2b4406d75c63735ab923b7aaa9569e6676aca5e1..f176bcd9235eec32acb76f9d2f27ed70dd3088ce 100644 (file)
--- a/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/critical-extension/hosts/sun/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
          keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf

index dd2ceea604df666c9b67d263b9eb10094e17c657..c562e359c2831661ff1670288559dfe069794c98 100644 (file)
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf

index 4c6e11f16ab707e32fa0f291155efc04192b618e..62a62a463d22acb880e1daeb3531cd8dc3bf335e 100644 (file)
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn home
         left=PH_IP_DAVE
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf

index e67d9af9bf2d61499d1ffe2ab7ddc658eee5caf0..c5e5e61b0375accb7eeebe25f929a0e0d9057334 100644 (file)
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf

index dd2ceea604df666c9b67d263b9eb10094e17c657..c562e359c2831661ff1670288559dfe069794c98 100644 (file)
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn home
         left=PH_IP_CAROL
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf

index 4c6e11f16ab707e32fa0f291155efc04192b618e..62a62a463d22acb880e1daeb3531cd8dc3bf335e 100644 (file)
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn home
         left=PH_IP_DAVE
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf

index e67d9af9bf2d61499d1ffe2ab7ddc658eee5caf0..c5e5e61b0375accb7eeebe25f929a0e0d9057334 100644 (file)
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-ecp256!
+       esp=aes128gcm16!
  
  conn rw
         left=PH_IP_MOON
diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf

index 7601113ab28d6a805ce7666eb8ef07550c48f24f..fcb9d839f06855ca2f77d393a005f4394ecf78dd 100644 (file)
--- a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
@@ -8,7 +8,10 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
-       
+       ike=aes128-sha256-modp3072!
+       esp=aes128gcm16!
+       mobike=no
+
  conn net-net
         left=PH_IP_MOON
         leftsubnet=10.1.0.0/16
diff --git a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf

index 641c3d929cbf03409a1d1aa708fabba4e7f5d1fa..91d6ef5d800abe5787109c039199b1d394e8f586 100644 (file)
--- a/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
@@ -8,6 +8,9 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-modp3072!
+       esp=aes128gcm16!
+       mobike=no
         
  conn net-net
         left=PH_IP_SUN
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf

index 0296e1804da30626daf1a2ea19c182108a698d35..195710a7f0c793e85822c3692bfa104cc58ea0e7 100644 (file)
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf
@@ -8,6 +8,8 @@ conn %default
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-modp3072!
+       esp=aes128gcm16!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf

index 6dcedd0e623f74e99d7e02978d95331639564aad..292fbeeb644f051345b38c92957a26b146b78293 100644 (file)
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf
@@ -6,8 +6,10 @@ conn %default
         ikelifetime=60m
         keylife=20m
         rekeymargin=3m
-        keyingtries=1
+       keyingtries=1
         keyexchange=ikev2
+       ike=aes128-sha256-modp3072!
+       esp=aes128gcm16!
         mobike=no
  
  conn net-net 
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..93f4345989bc7279b58f86fe0e24dbb744c7d911 100644 (file)
--- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf

index f585edfca2e73d45a030da78d02ce00a39abb809..af5fa19ef1618ea92149e1f9886421935c4c53aa 100644 (file)
--- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..45eef63d614309cc914ce635f870eae01d641e69 100644 (file)
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..da46bc2dc6508ebcf56adec5bd4d3389a2a0670f 100644 (file)
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..fc5f418a6b194e8fb9b9f872f62e3103b8d23b97 100644 (file)
--- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..43363ba190615ae0165268d1d2e5881c9f300120 100644 (file)
--- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..fc5f418a6b194e8fb9b9f872f62e3103b8d23b97 100644 (file)
--- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..43363ba190615ae0165268d1d2e5881c9f300120 100644 (file)
--- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..dcbd7643318a7d106faf1e8b6d2adb065bab88a8 100644 (file)
--- a/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..dcbd7643318a7d106faf1e8b6d2adb065bab88a8 100644 (file)
--- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..dcbd7643318a7d106faf1e8b6d2adb065bab88a8 100644 (file)
--- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..dcbd7643318a7d106faf1e8b6d2adb065bab88a8 100644 (file)
--- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf

index 5afc88f8a7090fffc2dd690ca4ddd03ed87267b4..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf

index a627f72a174a8fc5d12556743a08720f64b58bd2..5c541e4abb7c882af7132543402da683615b8c93 100644 (file)
--- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
  
    integrity_test = yes
    crypto_test {
diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf

index a627f72a174a8fc5d12556743a08720f64b58bd2..5c541e4abb7c882af7132543402da683615b8c93 100644 (file)
--- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
  
    integrity_test = yes
    crypto_test {
diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf

index a627f72a174a8fc5d12556743a08720f64b58bd2..5c541e4abb7c882af7132543402da683615b8c93 100644 (file)
--- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
  
    integrity_test = yes
    crypto_test {
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf

index db61be2ee0a458c4779273d5f397c78f481e4da8..138386b6d995311eb36c52c2313c3553e20f063b 100644 (file)
--- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf

index f8efdfff16ab03c4c22ceaf2bf036ef7ec6322db..0ecc2f847981c015e26405f4fff9c7fb80828f9e 100644 (file)
--- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  }
diff --git a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf

index db61be2ee0a458c4779273d5f397c78f481e4da8..138386b6d995311eb36c52c2313c3553e20f063b 100644 (file)
--- a/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
  
    keep_alive = 5
  }
diff --git a/testing/tests/swanctl/config-payload/evaltest.dat b/testing/tests/swanctl/config-payload/evaltest.dat

index 8115a9e531a97a903668f8fc6ea55dd9c3fad7bd..3827b655b04d0fed63d91429cd98a6c3f2d0e748 100755 (executable)
--- a/testing/tests/swanctl/config-payload/evaltest.dat
+++ b/testing/tests/swanctl/config-payload/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]
  moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.1 identity=carol@strongswan.org status=online::YES
  moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.2 identity=dave@strongswan.org status=online::YES
  moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES
diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..1f367c2a06124c3754c263607e127abf4407bb0d 100755 (executable)
--- a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf

index f1a76db625d233f1ab2aa1df64e717351d491136..b97935ad5127b870ecae155f0f330f21939f1354 100755 (executable)
--- a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf
@@ -19,10 +19,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..1f367c2a06124c3754c263607e127abf4407bb0d 100755 (executable)
--- a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf

index 184185bb3fbbb493880bb76c7d7d980c18b69280..71631b333f7bbac07481f7365b930e18681b9d81 100755 (executable)
--- a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf
@@ -19,10 +19,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf

index cd161bed071e4b6d19adc9270b2166ee3623598b..ff6e7193e082e14ab92f15fbae3e54d33b583c6f 100755 (executable)
--- a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf

index 08fa7113c8040637e9bccd9381fb093602246450..7819dbf14899e1058b86d2fad7a5c62f39844a87 100755 (executable)
--- a/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf
+++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/swanctl/swanctl_base.conf
@@ -10,8 +10,8 @@
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
diff --git a/testing/tests/swanctl/ip-pool-db/evaltest.dat b/testing/tests/swanctl/ip-pool-db/evaltest.dat

index 5fa9dcac49085615a9ee01966e48bd98e63fc883..93983d8d336d794c0b8586f70d1f2ea14bc42c52 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/evaltest.dat
+++ b/testing/tests/swanctl/ip-pool-db/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]
  moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES
  moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES
  moon:: ipsec pool --status 2> /dev/null::big_pool.*10.3.0.1.*10.3.3.232.*static.*2::YES
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf

index 44384caf4aa69659af7ab33b8442807eb6f9b98a..11b1576e41dc3573819b6d89b54fe1f7bffd193f 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf

index f1a76db625d233f1ab2aa1df64e717351d491136..b97935ad5127b870ecae155f0f330f21939f1354 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf
@@ -19,10 +19,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf

index 79bd9630b96b77c71e95159ef333afb5338ef4ae..be90bde254b6e4fa28224ffcf2aa660466f6519f 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default resolve updown vici
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf

index 184185bb3fbbb493880bb76c7d7d980c18b69280..71631b333f7bbac07481f7365b930e18681b9d81 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf
@@ -19,10 +19,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf

index 1eab75a03637465dcfe030117f1d8916f8121e6f..885d986c38ffdfb6dff8772adcb9cc4a77f0dc98 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown sqlite attr-sql vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf

index 3975512d45b2349c26fecfe8c2f4bbfe2ca85c1a..d6f178a78639635f4a18327ffd429ae913e39814 100755 (executable)
--- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf
@@ -17,10 +17,10 @@ connections {
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/ip-pool/evaltest.dat b/testing/tests/swanctl/ip-pool/evaltest.dat

index ee0b9805eccd091a4049025d606080191c538dc8..0be5dcffba5d9382314a8513d4570f1fbe53670a 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/evaltest.dat
+++ b/testing/tests/swanctl/ip-pool/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]
  moon:: swanctl --list-pools --raw 2> /dev/null::rw_pool.*base=10.3.0.0 size=14 online=2 offline=0::YES
  moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.1 identity=carol@strongswan.org status=online::YES
  moon:: swanctl --list-pools --raw --leases 2> /dev/null::address=10.3.0.2 identity=dave@strongswan.org status=online::YES
diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf

index f1a76db625d233f1ab2aa1df64e717351d491136..b97935ad5127b870ecae155f0f330f21939f1354 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf
@@ -19,10 +19,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf

index 184185bb3fbbb493880bb76c7d7d980c18b69280..71631b333f7bbac07481f7365b930e18681b9d81 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf
@@ -19,10 +19,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf

index cd161bed071e4b6d19adc9270b2166ee3623598b..67e5a616a77f997c619f895c230fcc52d2aa20ca 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf

index 8d4dd6bdd2e84911a0cb704bb6db5c12c7955234..bd65025d81ae740ef26ed3c8491afb3ff18318da 100755 (executable)
--- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf
@@ -17,11 +17,11 @@ connections {
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/manual-prio/evaltest.dat b/testing/tests/swanctl/manual-prio/evaltest.dat

index 8a035056364bb83734148eac37aa2e6e9c0f484a..25e81920bc1ab007cb1290e390b5472d5dee2a21 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/evaltest.dat
+++ b/testing/tests/swanctl/manual-prio/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
  carol::ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES
  carol::ping -c 1 10.1.0.10::64 bytes from 10.1.0.10: icmp_.eq=1::YES
  dave:: ping -c 1 10.1.0.1::64 bytes from 10.1.0.1: icmp_.eq=1::YES
diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf

index 1821c1ca2712bb5f9853471bf5961137f5018444..81797718869b90ed45a1bfd23f85c5b42befda88 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.1.0.0/16 
              priority = 2
  
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  
     shunts {
diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf

index ecdd58591cc581a6638c3f616815d902a2877a06..28c8eaa72d6bb3fb67b93de6654cd0066efdd6d1 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  
     shunts {
diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf

index 5fefdcdd26a7617c36ba8b62c4c05b7851b64929..560627a55d0ed6448a8a0f8edc95a43df0a85cc6 100755 (executable)
--- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              interface = eth0
              policies_fwd_out = yes
  
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  
     shunts {
diff --git a/testing/tests/swanctl/net2net-cert/evaltest.dat b/testing/tests/swanctl/net2net-cert/evaltest.dat

index 1d9bd64347e82149a013dbac050172376da8486a..4c56d5299b58dc3f35aeb8bd8d3a5725f617041c 100755 (executable)
--- a/testing/tests/swanctl/net2net-cert/evaltest.dat
+++ b/testing/tests/swanctl/net2net-cert/evaltest.dat
@@ -1,5 +1,5 @@
-moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
-sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf

index 9034651e73e88a2b313e58885ff472dd3d64e123..7f188e1c9cbe871204e6aaa418474c8052ee3910 100755 (executable)
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -22,12 +22,12 @@ connections {
              rekey_time = 5400
              rekey_bytes = 500000000
              rekey_packets = 1000000
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
        reauth_time = 10800
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf

index 2b9ddcf72f2b93cc525693879312ce1688c0c1e3..d784bbd768ad17343ea597da6ee7d6b56f0be421 100755 (executable)
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -22,12 +22,12 @@ connections {
              rekey_time = 5400
              rekey_bytes = 500000000
              rekey_packets = 1000000
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
        reauth_time = 10800
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-gw/evaltest.dat b/testing/tests/swanctl/net2net-gw/evaltest.dat

index 4908d80be02d134d72363c101dc56f7893ac0f7e..c104aae3e75d8ec99c0fd48b08d5d47782dd83eb 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/evaltest.dat
+++ b/testing/tests/swanctl/net2net-gw/evaltest.dat
@@ -1,5 +1,5 @@
-moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
-sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  sun::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES
  sun::tcpdump::IP sun.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf

index febe9faba19898e5bf9a5f7594da43ca79cfa4a9..4f54f610a0db3ee7a7edbada94b70cc8d20a7992 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf

index d450053e5a74f9999b64b18cd8a7897bb55d3c64..ed6e6f4b5d3d5f8e610d2056ab56731640d6b02e 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
@@ -16,12 +16,12 @@ connections {
              remote_ts = 10.1.0.0/16
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
     gw-sun {
        local {
diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf

index febe9faba19898e5bf9a5f7594da43ca79cfa4a9..4f54f610a0db3ee7a7edbada94b70cc8d20a7992 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf

index 348e5329f2ba836b5279c0362cb3bf22b61a3e09..317a45dddcf68d21e4d077fdbea3875b4aaca2f3 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.2.0.0/16
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf

index febe9faba19898e5bf9a5f7594da43ca79cfa4a9..4f54f610a0db3ee7a7edbada94b70cc8d20a7992 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf

index 68e70be81213b2ece6630ec5f7f83d6446643412..391cbedcd4dd48c23496ac942033f2a79e0fc03e 100755 (executable)
--- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.1.0.0/16
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-route/evaltest.dat b/testing/tests/swanctl/net2net-route/evaltest.dat

index a500b299664b74629372f8848693c22fe0274d89..5a953714196af3bd976def1f3d967363acf8ac79 100755 (executable)
--- a/testing/tests/swanctl/net2net-route/evaltest.dat
+++ b/testing/tests/swanctl/net2net-route/evaltest.dat
@@ -1,7 +1,7 @@
  moon::swanctl --list-pols --raw 2> /dev/null::net-net.*mode=TUNNEL local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
  moon::cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[icmp/8] === 10.2.0.10/32\[icmp/8]::YES
-moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
-sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..9d7fa51d4c4d52fe6830eff0dbbca310bfb3d62c 100755 (executable)
--- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf

index 3de6edcb681afe45bf264562920038c246c1ed96..f595e14b7695b92ae4371bcfbd02bd676b3a0ef1 100755 (executable)
--- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf
@@ -20,11 +20,11 @@ connections {
  
              start_action = trap 
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..4ca179a5f37dcf3bd15e7adedc2f7cec405f319f 100755 (executable)
--- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici 
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf

index 5a9cd1308f6a2097717e342f1b25aaca0d315f22..5615986d697df2b5214112ca8738b28d8a46399f 100755 (executable)
--- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf
@@ -20,11 +20,11 @@ connections {
  
              start_action = none
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-start/evaltest.dat b/testing/tests/swanctl/net2net-start/evaltest.dat

index 1d9bd64347e82149a013dbac050172376da8486a..4c56d5299b58dc3f35aeb8bd8d3a5725f617041c 100755 (executable)
--- a/testing/tests/swanctl/net2net-start/evaltest.dat
+++ b/testing/tests/swanctl/net2net-start/evaltest.dat
@@ -1,5 +1,5 @@
-moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
-sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
  alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
  sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
  sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..1f367c2a06124c3754c263607e127abf4407bb0d 100755 (executable)
--- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf

index 0713e7d259821a72d4a1b228329b4545120c37c6..5262e241f7de2866cc050ce8e624d6b915b942e1 100755 (executable)
--- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf
@@ -20,11 +20,11 @@ connections {
  
              start_action = start 
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..1f367c2a06124c3754c263607e127abf4407bb0d 100755 (executable)
--- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf

index 5a9cd1308f6a2097717e342f1b25aaca0d315f22..5615986d697df2b5214112ca8738b28d8a46399f 100755 (executable)
--- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf
@@ -20,11 +20,11 @@ connections {
  
              start_action = none
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
        mobike = no
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf

index 1065d9ab0b7e3e4d8aca797078f64367dc2aab14..5cf4d0cf12739c5a183a99ca331c124c81d3c6c5 100644 (file)
--- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac vici kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf

index 1065d9ab0b7e3e4d8aca797078f64367dc2aab14..5cf4d0cf12739c5a183a99ca331c124c81d3c6c5 100644 (file)
--- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = random nonce aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac vici kernel-netlink socket-default updown
+  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-cert/evaltest.dat b/testing/tests/swanctl/rw-cert/evaltest.dat

index 51bf8c1ba0f4446f86530e765238949d066e7b23..8a8a95f7ec3a40ed741d83c4a5e8c1beab7ebc95 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/evaltest.dat
+++ b/testing/tests/swanctl/rw-cert/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
  alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
  alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..909bca0fcf207348748c81e6722c7d0d514caa6e 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf

index 6cdc7bdf5c7ecff8e2d61afde313c19aae119c6c..80c99d9f90dbc07ccebcaa853bb739712ed91e83 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..909bca0fcf207348748c81e6722c7d0d514caa6e 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf

index e65ec7a18d0d5e1298f6a5af407e9dd2cb4b1f1e..484c3522c7e49ce6fd057961c7de47c566186c58 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
@@ -18,10 +18,10 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf

index 7d7e5f9f58c804832026482de530c97b6b17eaca..909bca0fcf207348748c81e6722c7d0d514caa6e 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf

index a3c51c889faf6b0148197fa1d289d5cfdb9b0a7a..fa8a1fc49e401832f8926bd4c150b84dbe4ce1ec 100755 (executable)
--- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -16,10 +16,10 @@ connections {
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat

index f0a25b166c795af9bfe2a530b6ef65ff0af32e87..a7f04b53a19c73aec3baf4eeca32eb031862be19 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
+++ b/testing/tests/swanctl/rw-hash-and-url/evaltest.dat
@@ -2,10 +2,10 @@ carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
  dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
  moon:: cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES
  moon:: cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
  alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
  alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf

index 4b0e31118930da91a3decae666994039611ab00f..d58694c38a97a1b193caebab4f3b07a3ba9329ef 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf

index 401b9fa49851172096edf2fda2dc8ed245558a89..5bee1f5bf8eb22bd4ed5eb6846e2bfb4ab4b493d 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf

index 4b0e31118930da91a3decae666994039611ab00f..d58694c38a97a1b193caebab4f3b07a3ba9329ef 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf

index b1e734def0046fab305d8ea2f12503ae1d0ef43e..99c5b9e0ac24aa02bb7cbc799a47a31a5f5cd146 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf
@@ -18,11 +18,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf

index 4b0e31118930da91a3decae666994039611ab00f..d58694c38a97a1b193caebab4f3b07a3ba9329ef 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf

index f8931756d0f4799b4b0d02bd3fc1ea0471a0ef2c..0f8e059b94ca346fa1863da41a29ea08633c4910 100755 (executable)
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf
@@ -16,11 +16,11 @@ connections {
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat

index e7bff2df1d4b8d148c0ff61899b6bb7f987f6973..f91649b3b2aeb8459e388e2923a6ca3352c28e5a 100755 (executable)
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/evaltest.dat
@@ -2,9 +2,9 @@ alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
  venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
  alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
  venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
  dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
-moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
  moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 dh-group=MODP_2048.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
  moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf

index bbb6f6cc37bccbb74473f7dc927e103180b07ff5..22b318472345ea3c9a589bd2bbabcba81c591c90 100755 (executable)
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf

index 12f62cf4e30aa37bb89ad926549e958d6c2fddd6..e4e15bafbb931253fc2c86d97a43b04c30399df7 100755 (executable)
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -17,10 +17,10 @@ connections {
              remote_ts = 10.1.0.0/28 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128-sha256-modp3072
+            esp_proposals = aes128-sha256-curve25519
           }
        }
        version = 1
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf

index c5c1fc3b8317f4ded46565d2712fb1d2525bb1e4..a55b90a5d1342692c8fb9d4166fb0a9ddbc580e4 100755 (executable)
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+  load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf

index 71ae251a6b92757a4b4d665d8f90583590debec5..e7b5caaf8994dbccb7ce9895b11fd7ad2be6ee0b 100755 (executable)
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = random nonce sha1 sha2 aes des hmac pkcs1 pem pubkey x509 revocation constraints gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf

index 8356c0249a09d7a511b167c8444af9c7128a621e..63d87c3f00d8f818f077b147c986fdc1cef08360 100755 (executable)
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
              local_ts  = 10.1.0.0/28
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128-sha256-modp3072 
+            esp_proposals = aes128-sha256-curve25519
           }
        }
        version = 1 
-      proposals = aes128-sha256-modp3072,3des-sha1-modp2048
+      proposals = aes128-sha256-curve25519,3des-sha1-modp2048
     }
  
     rw-2 {
@@ -40,6 +40,6 @@ connections {
           }
        }
        version = 1
-      proposals = 3des-sha1-modp2048,aes128-sha256-modp3072
+      proposals = 3des-sha1-modp2048,aes128-sha256-curve25519
     }
  }
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf

index 83cfb4ee070a410dba259a5e791abdc1068a5412..9ffc10db04b8623ebb6957b69452ae5596f0b339 100755 (executable)
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
  }
  
  charon {
-  load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici 
+  load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici 
  
    send_vendor_id = yes
    fragment_size = 1500
diff --git a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat

index 41595b60c390703157eea9e2096b8d21ae497601..1a34a92484e5a226527eda84b012e08a9e708844 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
  alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
  alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf

index 68df22ac84b5291b3f2cc527a9bde632a2f06930..335f389959054a97334bd7a76f8208b6a71dcede 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf

index 9bf759ee32ed66dad5ab824806162567b5d445f2..870ae3ff793d92c5869b3ec460e948a69fd18341 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf
@@ -17,11 +17,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf

index 68df22ac84b5291b3f2cc527a9bde632a2f06930..335f389959054a97334bd7a76f8208b6a71dcede 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf

index 1f2beefef9922d5cb616db668aaac25e19a3162c..b3eecc718f423dc5e96fec50e7f7bee4c90d9991 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf
@@ -17,11 +17,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf

index 68df22ac84b5291b3f2cc527a9bde632a2f06930..335f389959054a97334bd7a76f8208b6a71dcede 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf

index 7138b5d4aa2eb5989e9fa6b9b7294a251003016c..bd22f41c879fbeda2da133148ad881f99c6c12d5 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat

index 097489da55e4f8e51ecaf688909337a2b424c3ee..3eacc397d285f788a52835bda751057038aa5135 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/evaltest.dat
@@ -4,10 +4,10 @@ alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
  venus::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
  alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
  venus::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::NO
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_2048.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_3072.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.17..10.1.0.20]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-1.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE25519.*child-sas.*net-1.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-2.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=MODP_4096.*child-sas.*net-2.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.17..10.1.0.20] remote-ts=\[192.168.0.200/32]
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
  moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
  moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf

index 8c0f03f0a15f8ba6b0a33150dfe02e250dd8c95c..e539ea5f44df933b6b03ffe2c5b9ee905c728300 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf

index dcfcd0b4e338eb2127ed7141aa2dfa6142c0a9d6..fd2881064498838a07e71121403ca74656b8d53b 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
              remote_ts = 10.1.0.0/28 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp2048
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 1
-      proposals = aes128-sha256-modp2048
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf

index df1424dde550e1bad735159bce73fedd51341008..02f6c1b36265e42caf82190557a0e40ee71b1955 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf

index 8cd79ea20a8b4bab57ea8be4e521ad5626594dbd..cc6e936521cd03c64ba7ba44b5acab8481763439 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
              remote_ts = 10.1.0.17-10.1.0.20
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes192gcm128-modp3072
+            esp_proposals = aes192gcm128-modp4096
           }
        }
        version = 1 
-      proposals = aes192-sha384-modp3072
+      proposals = aes192-sha384-modp4096
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf

index 5f21901923704fd51cc699b563b8327ce511eed5..c4297996568ac3f04625ca273ddf0d1513d69b4b 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds 
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf

index be1bf8afe373324f4033ececc8766abf5ce32ed4..10dfc779ec42524f6adcfc56e7083a6800a5c612 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -15,11 +15,11 @@ connections {
              local_ts  = 10.1.0.0/28
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp2048
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 1 
-      proposals = aes128-sha256-modp2048
+      proposals = aes128-sha256-curve25519
     }
  
     rw-2 {
@@ -37,11 +37,11 @@ connections {
              local_ts  = 10.1.0.17-10.1.0.20
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes192gcm128-modp3072
+            esp_proposals = aes192gcm128-modp4096
           }
        }
        version = 1
-      proposals = aes192-sha384-modp3072
+      proposals = aes192-sha384-modp4096
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat

index 1f9fb0e0f98046e2a6178082c29423830d12cea2..c4d46e706832eb4b34b7896df94af6114368b897 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/evaltest.dat
@@ -1,7 +1,7 @@
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=192.168.0.1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=192.168.0.1 remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]
  alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
  alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
  moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf

index c560a37f599521a69010d958818b7e84e021aedb..53973cf6188424a464d41da5f7e3831171163850 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf

index 8b3863bb66b13df4c310d87e76d2d9bd377d33f8..5dbbd0b60814fb5d2dc7f90e79dc2ccb2a599d8e 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf
@@ -17,11 +17,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf

index c560a37f599521a69010d958818b7e84e021aedb..53973cf6188424a464d41da5f7e3831171163850 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf

index 83f3c0a7a043750863a59bfb41c40f2f749ad913..3fed61259f8b1c314d0785dad2f4ce4b9f61d7a9 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf
@@ -17,11 +17,11 @@ connections {
              remote_ts = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
  
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf

index c560a37f599521a69010d958818b7e84e021aedb..5efaed621b7caffdd20cf4d981bcf04b80847c67 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = random openssl
  }
  
  charon {
-  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink socket-default updown vici
+  load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
  
    start-scripts {
      creds = /usr/local/sbin/swanctl --load-creds
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf

index 9b4f7cea205565fe611eeb866356c0dbdaef8225..a86ee74c7822d5f9813aa970abec6096e14c9a0e 100755 (executable)
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf
@@ -14,11 +14,11 @@ connections {
              local_ts  = 10.1.0.0/16 
  
              updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-modp3072
+            esp_proposals = aes128gcm128-curve25519
           }
        }
        version = 2
-      proposals = aes128-sha256-modp3072
+      proposals = aes128-sha256-curve25519
     }
  }
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 8 Nov 2016 12:50:14 +0000 (13:50 +0100)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 14 Nov 2016 15:20:51 +0000 (16:20 +0100)