--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ crypto_test {
+ on_add = yes
+ }
+}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
}
pluto {
- load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ crypto_test {
+ on_add = yes
+ }
+}
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ crypto_test {
+ on_add = yes
+ }
+}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
rightsendcert=never
rightauth=eap-aka
eap_identity=%any
- right=%any
auto=add
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_CAROL
leftnexthop=%direct
leftid=carol@strongswan.org
+ leftauth=eap
leftfirewall=yes
eap_identity=carol
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ rightauth=pubkey
auto=add
keyexchange=ikev2
conn rw-eap
- authby=rsasig
- eap=radius
- eap_identity=%identity
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftcert=moonCert.pem
+ leftauth=pubkey
leftfirewall=yes
rightid=*@strongswan.org
rightsendcert=never
+ rightauth=eap-radius
+ eap_identity=%any
right=%any
auto=add
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_CAROL
leftnexthop=%direct
leftid=carol@strongswan.org
+ leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ rightauth=pubkey
auto=add
keyexchange=ikev2
conn rw-eap
- authby=rsasig
- eap=radius
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftcert=moonCert.pem
+ leftauth=pubkey
leftfirewall=yes
rightid=*@strongswan.org
+ rightauth=eap-radius
rightsendcert=never
right=%any
auto=add
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_CAROL
leftnexthop=%direct
leftid=carol@strongswan.org
+ leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ rightauth=pubkey
auto=add
keyexchange=ikev2
conn rw-eap
- authby=rsasig
- eap=md5
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftcert=moonCert.pem
+ leftauth=pubkey
leftfirewall=yes
rightid=*@strongswan.org
+ rightauth=eap-md5
rightsendcert=never
right=%any
auto=add
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_CAROL
leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
+ leftauth=eap
eap_identity=228060123456001
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ rightauth=pubkey
auto=add
keyexchange=ikev2
conn rw-eap
- authby=rsasig
- eap=radius
- eap_identity=%identity
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftcert=moonCert.pem
+ leftauth=pubkey
leftfirewall=yes
rightid=*@strongswan.org
+ rightauth=eap-radius
+ eap_identity=%any
rightsendcert=never
right=%any
auto=add
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_CAROL
leftnexthop=%direct
leftid=carol@strongswan.org
+ leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ rightauth=pubkey
auto=add
keyexchange=ikev2
conn rw-eapsim
- authby=rsasig
- eap=sim
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftcert=moonCert.pem
+ leftauth=pubkey
leftfirewall=yes
rightid=*@strongswan.org
+ rightauth=eap-sim
right=%any
rightsendcert=never
auto=add
pluto {
load = openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
pluto {
load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
pluto {
load = openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
pluto {
load = openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
pluto {
load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
pluto {
load = openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- authby=ecdsasig
conn home
left=PH_IP_CAROL
pluto {
load = openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- authby=ecdsasig
conn home
left=PH_IP_DAVE
pluto {
load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- authby=ecdsasig
conn carol
also=moon
pluto {
load = openssl pubkey random hmac curl
}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- dh_exponent_ansi_x9_42 = no
load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
}
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=ecdsasig
conn home
left=PH_IP_CAROL
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=ecdsasig
conn home
left=PH_IP_DAVE
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=ecdsasig
conn rw
left=PH_IP_MOON
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+ load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown
}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
+}
+
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ required = yes
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- dh_exponent_ansi_x9_42 = no
- load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+ load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}
database = sqlite:///etc/ipsec.d/ipsec.db
}
}
- load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+ load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
+}
+
+libstrongswan {
+ crypto_test {
+ on_add = yes
+ }
}