From: Andreas Steffen Date: Mon, 25 Jun 2012 11:04:55 +0000 (+0200) Subject: updated default configuration of UML hosts to 5.0.0 X-Git-Tag: 5.0.0~63 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d476b4266e1ca769df1632d70f898c01fc5cc6d;p=thirdparty%2Fstrongswan.git updated default configuration of UML hosts to 5.0.0 --- diff --git a/testing/hosts/alice/etc/ipsec.conf b/testing/hosts/alice/etc/ipsec.conf index 134c1c032d..0671537e99 100755 --- a/testing/hosts/alice/etc/ipsec.conf +++ b/testing/hosts/alice/etc/ipsec.conf @@ -1,21 +1,15 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - nat_traversal=yes - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 conn nat-t - left=%defaultroute + left=%any leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/alice/etc/strongswan.conf +++ b/testing/hosts/alice/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/hosts/bob/etc/ipsec.conf b/testing/hosts/bob/etc/ipsec.conf index 62c0ec787d..5896c34364 100755 --- a/testing/hosts/bob/etc/ipsec.conf +++ b/testing/hosts/bob/etc/ipsec.conf @@ -1,24 +1,18 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - nat_traversal=yes - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 conn nat-t - left=%defaultroute + left=%any leftcert=bobCert.pem leftid=bob@strongswan.org leftfirewall=yes right=%any - rightsubnetwithin=10.1.0.0/16 + rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/bob/etc/strongswan.conf +++ b/testing/hosts/bob/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/hosts/carol/etc/ipsec.conf b/testing/hosts/carol/etc/ipsec.conf index 1def6ca99c..0848ee716d 100755 --- a/testing/hosts/carol/etc/ipsec.conf +++ b/testing/hosts/carol/etc/ipsec.conf @@ -1,17 +1,12 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 conn home left=PH_IP_CAROL diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/carol/etc/strongswan.conf +++ b/testing/hosts/carol/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/hosts/dave/etc/ipsec.conf b/testing/hosts/dave/etc/ipsec.conf index c9d559f0d9..96502581e5 100755 --- a/testing/hosts/dave/etc/ipsec.conf +++ b/testing/hosts/dave/etc/ipsec.conf @@ -1,17 +1,12 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 conn home left=PH_IP_DAVE diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/dave/etc/strongswan.conf +++ b/testing/hosts/dave/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/hosts/moon/etc/ipsec.conf b/testing/hosts/moon/etc/ipsec.conf index b1e6549cf7..6ee481e495 100755 --- a/testing/hosts/moon/etc/ipsec.conf +++ b/testing/hosts/moon/etc/ipsec.conf @@ -1,17 +1,12 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/moon/etc/strongswan.conf +++ b/testing/hosts/moon/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/hosts/sun/etc/ipsec.conf b/testing/hosts/sun/etc/ipsec.conf index 083e589702..277928ec1f 100755 --- a/testing/hosts/sun/etc/ipsec.conf +++ b/testing/hosts/sun/etc/ipsec.conf @@ -1,18 +1,12 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - nat_traversal=yes - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org @@ -33,5 +27,5 @@ conn host-host conn nat-t leftsubnet=10.2.0.0/16 right=%any - rightsubnetwithin=10.1.0.0/16 + rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/sun/etc/strongswan.conf +++ b/testing/hosts/sun/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/hosts/venus/etc/ipsec.conf b/testing/hosts/venus/etc/ipsec.conf index 86cd6c9d45..dd6a82f89a 100755 --- a/testing/hosts/venus/etc/ipsec.conf +++ b/testing/hosts/venus/etc/ipsec.conf @@ -1,21 +1,15 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - nat_traversal=yes - charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - keyexchange=ikev1 conn nat-t - left=%defaultroute + left=%any leftcert=venusCert.pem leftid=@venus.strongswan.org leftfirewall=yes diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf index c4c200a07c..f7a87e90cf 100644 --- a/testing/hosts/venus/etc/strongswan.conf +++ b/testing/hosts/venus/etc/strongswan.conf @@ -1,11 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file -pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke } -# pluto uses optimized DH exponent sizes (RFC 3526) - libstrongswan { dh_exponent_ansi_x9_42 = no }