From: Andreas Steffen Date: Mon, 20 Mar 2017 06:24:29 +0000 (+0100) Subject: Allow x25519 as an alias of the curve25519 KE algorithm X-Git-Tag: 5.5.2rc1~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efc1b9846134349133a8b295840fb260c074d96b;p=thirdparty%2Fstrongswan.git Allow x25519 as an alias of the curve25519 KE algorithm --- diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 8ceff3bebb..c44ed96a04 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -164,6 +164,7 @@ ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0 ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0 ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0 curve25519, DIFFIE_HELLMAN_GROUP, CURVE_25519, 0 +x25519, DIFFIE_HELLMAN_GROUP, CURVE_25519, 0 ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0 ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0 ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0 diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf index 28d19357f3..c7218e4de6 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm96-aesxcbc-curve25519! - esp=aes128ccm96-curve25519! + ike=aes128ccm96-aesxcbc-x25519! + esp=aes128ccm96-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf index c674ecc2fd..fdffa0f25c 100644 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ccm12-aesxcbc-curve25519! - esp=aes128ccm12-curve25519! + ike=aes128ccm12-aesxcbc-x25519! + esp=aes128ccm12-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf index 1650861507..b5aabdd388 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-curve25519! - esp=aes128ctr-aesxcbc-curve25519! + ike=aes128ctr-aesxcbc-x25519! + esp=aes128ctr-aesxcbc-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf index 73afe9874b..650b346eb5 100644 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128ctr-aesxcbc-curve25519! - esp=aes128ctr-aesxcbc-curve25519! + ike=aes128ctr-aesxcbc-x25519! + esp=aes128ctr-aesxcbc-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index 47f8f7f7cd..c6bc925e83 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm128-aesxcbc-curve25519! - esp=aes256gcm128-curve25519! + ike=aes256gcm128-aesxcbc-x25519! + esp=aes256gcm128-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 78ef62115e..1597aae794 100644 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256gcm16-aesxcbc-curve25519! - esp=aes256gcm16-curve25519! + ike=aes256gcm16-aesxcbc-x25519! + esp=aes256gcm16-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index f71f7b347b..93bafcec14 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-curve25519! - esp=aes128-aesxcbc-curve25519! + ike=aes128-aesxcbc-x25519! + esp=aes128-aesxcbc-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index a9ddd6a49d..13a1798823 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-aesxcbc-curve25519! - esp=aes128-aesxcbc-curve25519! + ike=aes128-aesxcbc-x25519! + esp=aes128-aesxcbc-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf index e2557dc0b0..6a1a1ad144 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256_96-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256_96-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf index c1d8d33ce5..41919c8766 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256_96-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256_96-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf index 1bae9405c0..b3548db921 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf index 1a1d99adfd..da8bff0390 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! - esp=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! + esp=aes128-sha256-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf index ddeb092e0c..e9122d4b1f 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-curve25519! - esp=aes192-sha384-curve25519! + ike=aes192-sha384-x25519! + esp=aes192-sha384-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf index 8041548343..e4b52732c6 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes192-sha384-curve25519! - esp=aes192-sha384-curve25519! + ike=aes192-sha384-x25519! + esp=aes192-sha384-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index 95edc62a7d..ebe0c277a0 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-curve25519! - esp=aes256gmac-curve25519! + ike=aes256-aesxcbc-x25519! + esp=aes256gmac-x25519! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index c3042f2b34..1fdb1bd278 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -8,8 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-curve25519! - esp=aes256gmac-curve25519! + ike=aes256-aesxcbc-x25519! + esp=aes256gmac-x25519! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf index e367cbf4a1..9991b0b24d 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! esp=null-sha256! conn home diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf index 84cad9a81d..2a2c4cb9c0 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -8,7 +8,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes128-sha256-curve25519! + ike=aes128-sha256-x25519! esp=null-sha256! conn rw diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf index b97935ad51..3e71395351 100755 --- a/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf index 71631b333f..c9e3c2b0cf 100755 --- a/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf index b97935ad51..3e71395351 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf index 71631b333f..c9e3c2b0cf 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf index 82f41ca54d..8b62b8d5ad 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf index b97935ad51..3e71395351 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf index 71631b333f..c9e3c2b0cf 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf index d6f178a786..de225022bb 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf index b97935ad51..3e71395351 100755 --- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf index 71631b333f..c9e3c2b0cf 100755 --- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf index bd65025d81..e700296095 100755 --- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf index 8179771886..810dfe9905 100755 --- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 priority = 2 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf index 28c8eaa72d..c56a34cbe6 100755 --- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf index 560627a55d..0245fda08c 100755 --- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { interface = eth0 policies_fwd_out = yes - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } shunts { diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf index 648941fe36..48653301bd 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf @@ -23,10 +23,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf index 902e5f03ac..7aa09c2968 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf @@ -23,10 +23,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf index e9c9d2637a..1b801e9ec1 100755 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf @@ -21,10 +21,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf index 7f188e1c9c..bcc2742f78 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf index d784bbd768..12cee0fc6d 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf index 7f188e1c9c..bcc2742f78 100755 --- a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf index d784bbd768..12cee0fc6d 100755 --- a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf index ed6e6f4b5d..cdf6bcaf5a 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf @@ -16,12 +16,12 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } gw-sun { local { diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf index 317a45dddc..404af8ed89 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.2.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf index 391cbedcd4..6f41f1f841 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf index 63a500e66c..b27593d75d 100755 --- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf @@ -24,12 +24,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf index 6832a23caf..4b578d0196 100755 --- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf @@ -24,12 +24,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf index f595e14b76..2e1b765022 100755 --- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = trap updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf index 5615986d69..3a523358d0 100755 --- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = none updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf index 7f188e1c9c..bcc2742f78 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf index d784bbd768..12cee0fc6d 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -22,12 +22,12 @@ connections { rekey_time = 5400 rekey_bytes = 500000000 rekey_packets = 1000000 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no reauth_time = 10800 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf index 5262e241f7..a72957b206 100755 --- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = start updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf index 5615986d69..3a523358d0 100755 --- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf @@ -20,11 +20,11 @@ connections { start_action = none updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 mobike = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf index 4b19e9384a..6fd22973fa 100644 --- a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { home { remote_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf index 7593ab087f..7103071954 100755 --- a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { net { local_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf index 4b19e9384a..6fd22973fa 100644 --- a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { home { remote_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf index 7593ab087f..7103071954 100755 --- a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { net { local_ts = 10.1.0.0/16 - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf index 6c348bf8fa..e0cc29233b 100755 --- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf @@ -19,17 +19,17 @@ connections { remote_ts = 10.1.0.0/16[icmp] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ssh { local_ts = dynamic[tcp] remote_ts = 10.1.0.0/16[tcp/ssh] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf index ba647f3adb..7851f43ec7 100755 --- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf @@ -18,7 +18,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ssh { local_ts = 10.1.0.0/16[tcp/ssh] @@ -26,10 +26,10 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf index a4993e4555..a752c2660f 100755 --- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf @@ -19,24 +19,24 @@ connections { remote_ts = 10.1.0.0/16[icmp/2048] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } icmp-rep { local_ts = dynamic[icmp/0] remote_ts = 10.1.0.0/16[icmp/0] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ftp-ssh { local_ts = dynamic[tcp/32768-65535] remote_ts = 10.1.0.0/16[tcp/21-22] updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf index 510a5cf0ff..3d140a335a 100755 --- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf @@ -18,7 +18,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } icmp-rep { local_ts = 10.1.0.0/16[icmp/0] @@ -26,7 +26,7 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } ftp-ssh { local_ts = 10.1.0.0/16[tcp/21-22] @@ -34,10 +34,10 @@ connections { hostaccess = yes updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf index 80c99d9f90..5484bc8a88 100755 --- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf index 484c3522c7..2c5c8f3ee2 100755 --- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf @@ -18,10 +18,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf index fa8a1fc49e..b938f0df52 100755 --- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -16,10 +16,10 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf index 75ffc28b8a..edb9710e2a 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf index a7d52b6ea9..b894dc7fbb 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf @@ -19,10 +19,10 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf index dd075e5e9c..6b1a2c281d 100755 --- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf index 07d35e4914..173b7ff4a3 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf index 4c1e07b5b3..04042cd79d 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf index 8e8260b660..9070fc3d48 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf @@ -16,11 +16,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 send_certreq = no - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf index 5bee1f5bf8..f01ee1270c 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf index 99c5b9e0ac..ac16338e2b 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf index 0f8e059b94..530abbd6e0 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf @@ -16,11 +16,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf index e4e15bafbb..61d81502a1 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -17,10 +17,10 @@ connections { remote_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-curve25519 + esp_proposals = aes128-sha256-x25519 } } version = 1 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf index 63d87c3f00..76a6c89706 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128-sha256-curve25519 + esp_proposals = aes128-sha256-x25519 } } version = 1 - proposals = aes128-sha256-curve25519,3des-sha1-modp2048 + proposals = aes128-sha256-x25519,3des-sha1-modp2048 } rw-2 { @@ -40,6 +40,6 @@ connections { } } version = 1 - proposals = 3des-sha1-modp2048,aes128-sha256-curve25519 + proposals = 3des-sha1-modp2048,aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf index 870ae3ff79..cfa7f7ed36 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf index b3eecc718f..0a8499cf1c 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf index bd22f41c87..1094172766 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf index fd28810644..35fbfdac80 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { remote_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 1 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf index 10dfc779ec..cd9c455049 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf @@ -15,11 +15,11 @@ connections { local_ts = 10.1.0.0/28 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 1 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } rw-2 { diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf index 5dbbd0b608..467a869c3f 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf index 3fed61259f..a9e866fe54 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { remote_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf index a86ee74c78..cb36d6ca07 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf @@ -14,11 +14,11 @@ connections { local_ts = 10.1.0.0/16 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf index a7cba5b09b..c5c67cf288 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } local-net { diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf index 1e94c2f456..1edbf338ce 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf @@ -17,11 +17,11 @@ connections { local_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf index a582f84748..9f925e9056 100755 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf @@ -18,11 +18,11 @@ connections { remote_ts = 0.0.0.0/0 updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm128-curve25519 + esp_proposals = aes128gcm128-x25519 } } version = 2 - proposals = aes128-sha256-curve25519 + proposals = aes128-sha256-x25519 } local-net {