Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
<b>BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
-<b>BLOWFISH_CBC_256 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
+<b>BLOWFISH_CBC_256 / HMAC_SHA2_512</b> for ESP packets. A ping from <b>carol</b> to
<b>alice</b> successfully checks the established tunnel.
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
-carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES
+moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES
carol::ip xfrm state::enc cbc(blowfish)::YES
moon::ip xfrm state::enc cbc(blowfish)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
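Review bot: The switch of the ESP integrity algorithm to HMAC_SHA2_512 is only confirmed through the `ipsec statusall` proposal string and the packet length. The `ip xfrm state` checks in this hunk still look at `enc cbc(blowfish)` alone, so nothing asserts what the kernel SA actually uses for authentication. The AES/SHA-256 evaltest on this page already has `carol::ip xfrm state::auth hmac(sha256)::YES`; an equivalent pair, `carol::ip xfrm state::auth hmac(sha512)::YES` and `moon::ip xfrm state::auth hmac(sha512)::YES`, would close the gap, assuming the kernel on the test hosts prints the algorithm under that name. The Camellia evaltest further down has the same gap for HMAC_SHA2_384.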
rekeymargin=3m
keyingtries=1
ike=blowfish256-sha2_512-modp4096!
- esp=blowfish256-sha2_256!
+ esp=blowfish256-sha2_512!
conn home
left=PH_IP_CAROL
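Review bot: The `esp=blowfish256-sha2_512!` line would benefit from a comment saying this suite is kept for algorithm coverage. Blowfish has a 64-bit block, and CBC with such a cipher becomes collision-prone once a single key has protected a few tens of gigabytes. Something like `# coverage test only: 64-bit block cipher, keep the SA lifetime short` above the `ike=`/`esp=` pair would stop the config being copied as a recommended profile; the same applies to moon's `conn rw` section that follows. The key lifetime setting is outside this hunk, so whether it is already short cannot be confirmed here.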
rekeymargin=3m
keyingtries=1
ike=blowfish256-sha2_512-modp4096!
- esp=blowfish256-sha2_256!
+ esp=blowfish256-sha2_512!
conn rw
left=PH_IP_MOON
moon::ipsec start
carol::sleep 2
carol::ipsec up home
+carol::sleep 1
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the rather strong cipher suite
-<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_1536</b> for the IKE protocol and
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
+<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_2048</b> for the IKE protocol and
<b>AES_CBC_128 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
<b>alice</b> successfully checks the established tunnel.
-
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
-moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
+moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
carol::ip xfrm state::auth hmac(sha256)::YES
moon::ip xfrm state::auth hmac(sha256)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha2_256-modp1536!
- esp=aes128-sha2_256!
+ ike=aes128-sha256-modp2048!
+ esp=aes128-sha256!
conn home
left=PH_IP_CAROL
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes128-sha2_256-modp1536!
- esp=aes128-sha2_256!
+ ike=aes128-sha256-modp2048!
+ esp=aes128-sha256!
conn rw
left=PH_IP_MOON
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::ipsec statusall::AES_CCM_12_128::YES
carol::ipsec statusall::AES_CCM_12_128::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES
carol::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES
moon::ip xfrm state::rfc3686(ctr(aes))::YES
carol::ip xfrm state::rfc3686(ctr(aes))::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::ipsec statusall::AES_GCM_16_256::YES
carol::ipsec statusall::AES_GCM_16_256::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
-
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
carol::ip xfrm state::auth xcbc(aes)::YES
moon::ip xfrm state::auth xcbc(aes)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
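Review bot: The added ping line hard-codes `10.1.0.10` where the line it replaces used the `PH_IP_ALICE` placeholder, which is the opposite of what the AES-CCM, AES-CTR and AES-GCM hunks on this page do. If the test network is renumbered, this check would fail or probe the wrong host while the others keep working; `carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES` keeps it consistent. The DES_CBC/HMAC_MD5 evaltest further down adds the same hard-coded address.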
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>CAMELLIA_CBC_192 / HMAC_SHA2_256</b> by defining <b>esp=camellia192-sha2_256</b>
+<b>CAMELLIA_CBC_192 / HMAC_SHA2_384</b> by defining <b>esp=camellia192-sha384</b>
in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
the established tunnel.
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_384::YES
+moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_384::YES
carol::ip xfrm state::enc cbc(camellia)::YES
moon::ip xfrm state::enc cbc(camellia)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes192-sha2_256-modp2048!
- esp=camellia192-sha2_256!
+ ike=aes192-sha384-modp3072!
+ esp=camellia192-sha384!
conn home
left=PH_IP_CAROL
keylife=20m
rekeymargin=3m
keyingtries=1
- ike=aes192-sha2_256-modp2048!
- esp=camellia192-sha2_256!
+ ike=aes192-sha384-modp3072!
+ esp=camellia192-sha384!
conn rw
left=PH_IP_MOON
moon::ipsec start
carol::sleep 2
carol::ipsec up home
+carol::sleep 1
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
moon::ip xfrm state::enc cbc(des)::YES
carol::ip xfrm state::enc cbc(des)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
moon::ip xfrm state::enc ecb(cipher_null)::YES
carol::ip xfrm state::enc ecb(cipher_null)::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES
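Review bot: The two `ESP proposal::NULL/HMAC_SHA1` context lines keep a `::` between "ESP proposal" and the algorithm names, while every other evaltest on this page writes `ESP proposal: ` with a single colon and a space. Since `::` is the field separator in these files, the line probably splits into one field too many, so the NULL/HMAC_SHA1 proposal may not be what gets matched; how the harness treats the extra field is not visible here. As the commit already edits this file, `moon::ipsec statusall::ESP proposal: NULL/HMAC_SHA1::YES` and the matching carol line would make the check mean what it says. That matters for a test whose purpose is to confirm that unencrypted ESP was negotiated deliberately.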
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS=""
+TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes