configs {
- ike-ctr {
+ ike-v4 {
proposal = aes128ctr-aes128ccm8-aes128gcm8-aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-ctr {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ctr {
+ ike-v4 {
proposal = aes128ctr-aes128ccm8-aes128gcm8-aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-ctr {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ctr
+ config = child-v4
}
close_ike {
- config = ike-ctr
+ config = ike-v4
delay = 1
}
}
configs {
- ike-ctr {
+ ike-v4 {
proposal = aes128ctr-aes128ccm8-aes128gcm8-aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-ctr {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ctr {
+ ike-v4 {
proposal = aes128ctr-aes128ccm8-aes128gcm8-aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-ctr {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ctr
+ config = child-v4
}
close_ike {
- config = ike-ctr
+ config = ike-v4
delay = 1
}
}
actions {
initiate {
- config = child-gcm128
+ config = child-v4
}
}
configs {
- ike-gcm128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gcm128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-gcm128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gcm128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gcm256
+ config = child-v4
}
}
configs {
- ike-gcm256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gcm256 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-gcm256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gcm256 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gmac128
+ config = child-v4
}
}
configs {
- ike-gmac128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gmac128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-gmac128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gmac128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gmac256
+ config = child-v4
}
}
configs {
- ike-gmac256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gmac256 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-gmac256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gmac256 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gcm128
+ config = child-v4
}
}
configs {
- ike-gcm128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gcm128 {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16,aes128gmac,aes256gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-allb {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-allb {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16,aes128gmac,aes256gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gcm128
+ config = child-v4
}
}
configs {
- ike-gcm128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gcm128 {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16,aes128gmac,aes256gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-allb {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-allb {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16,aes128gmac,aes256gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-wrong {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
+ ike-v4 {
lid = 172.16.1.10
rid = 172.16.1.20
- child-wrong {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-wrong {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
# certificate IP to look it up, change ID in hook
lid = 172.16.1.99
rid = 172.16.1.10
- child-wrong {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-wrong
+ config = child-v4
}
}
-
-configs {
- ike-wrong {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-wrong {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
- }
-}
}
configs {
- ike-wrong {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
# certificate FQDN to look it up, change ID in hook
lid = ls.wrong.strongswan.org
rid = dut.strongswan.org
- child-wrong {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-wrong
+ config = child-v4
}
}
configs {
- ike-wrong {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
+ ike-v4 {
lid = dut@strongswan.org
rid = ls@strongswan.org
- child-wrong {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-wrong {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
# certificate E-Mail to look it up, change ID in hook
lid = ls.wrong@strongswan.org
rid = dut@strongswan.org
- child-wrong {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-wrong
+ config = child-v4
}
}
configs {
ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.rsa.strongswan.org
ecdsa_strength = 256
- child-rsa {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.rsa.strongswan.org
- rid = dut.strongswan.org
- child-rsa {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-rsa
+ config = child-v4
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.icarsa.strongswan.org
ecdsa_strength = 256
- child-rsa {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.icarsa.strongswan.org
- rid = dut.strongswan.org
- child-rsa {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-rsa
+ config = child-v4
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.256-256.strongswan.org
ecdsa_strength = 256
- child-256 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.256-256.strongswan.org
- rid = dut.strongswan.org
- child-256 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.256-384.strongswan.org
ecdsa_strength = 256
- child-256 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
- child-256 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
}
configs {
- ike-ecdsa {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.384-256.strongswan.org
ecdsa_strength = 384
- child-ecdsa {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-ecdsa {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.384-256.strongswan.org
- rid = dut.strongswan.org
- child-ecdsa {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-ecdsa
+ config = child-v4
}
}
configs {
- ike-ecdsa {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.icalowhigh.strongswan.org
ecdsa_strength = 384
- child-ecdsa {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-ecdsa {
+ ike-v4 {
proposal = aes128-sha256-ecp256,aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.icalowhigh.strongswan.org
- rid = dut.strongswan.org
- child-ecdsa {
+ child-v4 {
proposal = aes128gcm16,aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-ecdsa
+ config = child-v4
}
}
}
configs {
- ike-mixed {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.256-revrsa.strongswan.org
ecdsa_strength = 256
- child-mixed {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-mixed {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.256-revrsa.strongswan.org
- rid = dut.strongswan.org
- child-mixed {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-mixed
+ config = child-v4
}
}
}
configs {
- ike-mixed {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.revrsa.strongswan.org
ecdsa_strength = 384
- child-mixed {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-mixed {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.revrsa.strongswan.org
- rid = dut.strongswan.org
- child-mixed {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-mixed
+ config = child-v4
}
}
}
configs {
- ike-mixed {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.rev256.strongswan.org
ecdsa_strength = 384
- child-mixed {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-mixed {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.rev256.strongswan.org
- rid = dut.strongswan.org
- child-mixed {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-mixed
+ config = child-v4
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
rekey_child {
- config = child-128
+ config = child-v4
delay = 5
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16-ecp256
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16-ecp256
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
rekey_child {
- config = child-256
+ config = child-v4
delay = 5
}
}
configs {
- ike-256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-256 {
+ child-v4 {
proposal = aes256gcm16-ecp384
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-256 {
+ child-v4 {
proposal = aes256gcm16-ecp384
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16-ecp256
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
rekey_child {
- config = child-128
+ config = child-v4
delay = 5
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16-ecp256
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-256 {
+ child-v4 {
proposal = aes256gcm16-ecp384
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
rekey_child {
- config = child-256
+ config = child-v4
delay = 5
}
}
configs {
- ike-256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-256 {
+ child-v4 {
proposal = aes256gcm16-ecp384
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
lid = dut.256-384.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
rid = dut.256-384.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
rid = ls.256-384.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
ecdsa_strength = 384
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm8
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gcm8
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-128
+ config = child-v4
}
}
configs {
- ike-128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-128 {
+ child-v4 {
proposal = aes128gcm8
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-192
+ config = child-v4
}
}
configs {
- ike-192 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-192 {
+ child-v4 {
proposal = aes256gcm8
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
-
-configs {
- ike-ipv6 {
- proposal = aes128-sha1-modp1024
- lhost = 2001:0db8:aaaa:bbbb::0010
- rhost = 2001:0db8:aaaa:bbbb::0020
- lid = 2001:0db8:aaaa:bbbb::0010
- rid = 2001:0db8:aaaa:bbbb::0020
- child-ipv6 {
- lts = 2001:0db8:face:0010::/64
- rts = 2001:0db8:face:0020::/64
- }
- }
-}
actions {
initiate {
- config = child-ipv6
- }
-}
-
-configs {
- ike-ipv6 {
- proposal = aes128-sha1-modp1024
- lhost = 2001:0db8:aaaa:bbbb::0020
- rhost = 2001:0db8:aaaa:bbbb::0010
- lid = 2001:0db8:aaaa:bbbb::0020
- rid = 2001:0db8:aaaa:bbbb::0010
- child-ipv6 {
- lts = 2001:0db8:face:0020::/64
- rts = 2001:0db8:face:0010::/64
- }
+ config = child-v6
}
}
configs {
- ike-tfc {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-tfc {
+ ike-v4 {
+ child-v4 {
# ~20 bytes, for a 64 byte ICMP ping
tfc_padding = 100
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-tfc
+ config = child-v4
}
}
configs {
- ike-tfc {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-tfc {
+ ike-v4 {
+ child-v4 {
# ~100 bytes, for a 64 byte ICMP ping
tfc_padding = 180
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-tfc
+ config = child-v4
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-bitchanged.strongswan.org
- child-foo {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-bitchanged {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-bitchanged.strongswan.org
- rid = dut.strongswan.org
- child-bitchanged {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-bitchanged
+ config = child-v4
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-expired.strongswan.org
- child-foo {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-expired {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-expired.strongswan.org
- rid = dut.strongswan.org
- child-expired {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-expired
+ config = child-v4
}
}
configs {
- ike-ica384 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-ica384.strongswan.org
- child-ica384 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-ica384 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-ica384.strongswan.org
- rid = dut.strongswan.org
- child-ica384 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ica384
+ config = child-v4
}
}
configs {
- ike-ca3 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-ca3.strongswan.org
- child-ca3 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ca3 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-ca3.strongswan.org
- rid = dut.strongswan.org
- child-ca3 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ca3
+ config = child-v4
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = foo.example.com
- child-foo {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = foo.example.com
- rid = dut.strongswan.org
- child-foo {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-foo
+ config = child-v4
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = foo.example.net
- child-foo {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = foo.example.net
- rid = dut.strongswan.org
- child-foo {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-foo
+ config = child-v4
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = foo.example.net
- child-foo {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-foo {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = foo.example.net
- rid = dut.strongswan.org
- child-foo {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-foo
+ config = child-v4
}
}
configs {
- ike-ca2 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-ca2.strongswan.org
- child-ca2 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ca2 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-ca2.strongswan.org
- rid = dut.strongswan.org
- child-ca2 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ca2
+ config = child-v4
}
}
configs {
- ike-ca3 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-ca3.strongswan.org
- child-ca3 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ca3 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-ca3.strongswan.org
- rid = dut.strongswan.org
- child-ca3 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ca3
+ config = child-v4
}
}
configs {
- ike-ca2 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-ca2.strongswan.org
- child-ca2 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ca2 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-ca2.strongswan.org
- rid = dut.strongswan.org
- child-ca2 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ca2
+ config = child-v4
}
}
configs {
- ike-ca3 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-ca3.strongswan.org
- child-ca3 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-ca3 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-ca3.strongswan.org
- rid = dut.strongswan.org
- child-ca3 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-ca3
+ config = child-v4
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-pol.strongswan.org
cert_policy = 1.2.34.567
- child-pol {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-pol.strongswan.org
- rid = dut.strongswan.org
- child-pol {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-pol
+ config = child-v4
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-pol.strongswan.org
cert_policy = 1.2.34.567
- child-pol {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-pol.strongswan.org
- rid = dut.strongswan.org
- child-pol {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-pol
+ config = child-v4
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-pol.strongswan.org
cert_policy = 1.2.34.568
- child-pol {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-pol.strongswan.org
- rid = dut.strongswan.org
- child-pol {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-pol
+ config = child-v4
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-pol.strongswan.org
cert_policy = 1.2.34.5.2
- child-pol {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-pol.strongswan.org
- rid = dut.strongswan.org
- child-pol {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-pol
+ config = child-v4
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls-pol.strongswan.org
cert_policy = 1.2.34.5.2
- child-pol {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-pol {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls-pol.strongswan.org
- rid = dut.strongswan.org
- child-pol {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-pol
+ config = child-v4
}
}
configs {
- ike-untrusted {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.untrusted.strongswan.org
- child-untrusted {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-untrusted {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.untrusted.strongswan.org
- rid = dut.strongswan.org
- child-untrusted {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-untrusted
+ config = child-v4
}
}
configs {
- ike-untrusted {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.expired.strongswan.org
- child-untrusted {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-expired {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.expired.strongswan.org
- rid = dut.strongswan.org
- child-expired {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-expired
+ config = child-v4
}
}
}
configs {
- ike-revoked {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.revoked.strongswan.org
- child-revoked {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
}
configs {
- ike-revoked {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.revoked.strongswan.org
- rid = dut.strongswan.org
- child-revoked {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-revoked
+ config = child-v4
}
}
configs {
- ike-weak {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-weak {
+ ike-v4 {
+ child-v4 {
proposal = des-md5
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-weak
+ config = child-v4
}
}
configs {
- ike-weak {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-weak {
+ ike-v4 {
+ child-v4 {
proposal = des-md5
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
liveness {
- config = ike-weak
+ config = ike-v4
delay = 10
}
}
configs {
- ike-rfc822 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
+ ike-v4 {
lid = dut@strongswan.org
rid = ls@strongswan.org
- child-rfc822 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
actions {
initiate {
- config = child-rfc822
+ config = child-v4
}
}
}
configs {
- ike-rfc822 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls@strongswan.org
rid = dut@strongswan.org
- child-rfc822 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
configs {
- ike-ipv6 {
- proposal = aes128-sha1-modp1024
- lhost = 2001:0db8:aaaa:bbbb::0010
- rhost = 2001:0db8:aaaa:bbbb::0020
+ ike-v6 {
lid = 2001:0db8:aaaa:bbbb::0010
rid = 2001:0db8:aaaa:bbbb::0020
- child-ipv6 {
- lts = 2001:0db8:face:0010::/64
- rts = 2001:0db8:face:0020::/64
- }
}
}
actions {
initiate {
- config = child-ipv6
+ config = child-v6
}
}
configs {
- ike-ipv6 {
- proposal = aes128-sha1-modp1024
- lhost = 2001:0db8:aaaa:bbbb::0020
- rhost = 2001:0db8:aaaa:bbbb::0010
+ ike-v6 {
lid = 2001:0db8:aaaa:bbbb::0020
rid = 2001:0db8:aaaa:bbbb::0010
- child-ipv6 {
- lts = 2001:0db8:face:0020::/64
- rts = 2001:0db8:face:0010::/64
- }
}
}
actions {
initiate {
- config = child-gcm128
+ config = child-v4
}
}
configs {
- ike-gcm128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gcm128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-gcm128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gcm128 {
+ child-v4 {
proposal = aes128gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gmac128
+ config = child-v4
}
}
configs {
- ike-gmac128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gmac128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-gmac128 {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gmac128 {
+ child-v4 {
proposal = aes128gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gcm256
+ config = child-v4
}
}
configs {
- ike-gcm256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gcm256 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-gcm256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gcm256 {
+ child-v4 {
proposal = aes256gcm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-gmac256
+ config = child-v4
}
}
configs {
- ike-gmac256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-gmac256 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-gmac256 {
+ ike-v4 {
proposal = aes256-sha384-ecp384
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-gmac256 {
+ child-v4 {
proposal = aes256gmac
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
lport = 1234
- rhost = 172.16.1.10
rport = 4500
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
child-nat {
transport = yes
lts = 172.16.1.10/32
- rts = 10.20.20.0/24
}
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
+ child-v4 {
transport = yes
- lts = 10.20.20.0/24
rts = 172.16.1.10/32
}
}
configs {
- ike-nat {
+ ike-v4 {
# require real NAT for port mapping changes
# fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
liveness {
- config = ike-nat
+ config = ike-v4
delay = 5
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-nat {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-nat {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
actions {
initiate {
- config = child-4500
+ config = child-v4
}
}
configs {
- ike-4500 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
+ ike-v4 {
lport = 4500
- rhost = 172.16.1.10
rport = 4500
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-4500 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
preload = socket-dynamic
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
lport = 1234
- rhost = 172.16.1.20
rport = 4500
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-nat {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-nat {
+ ike-v4 {
# can be disabled if behind real NAT
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nat {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
configs {
- ike-nat {
+ ike-v4 {
fake_nat = yes
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-nat {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
actions {
initiate {
- config = child-nat
+ config = child-v4
}
}
configs {
- ike-suiteb {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-suiteb {
+ child-v4 {
proposal = aes128gcm16-aes128ccm16
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
}
}
}
configs {
- ike-suiteb {
+ ike-v4 {
proposal = aes128-sha256-ecp256
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-suiteb {
+ child-v4 {
proposal = aes128gcm16-aes128ccm16
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
}
}
}
actions {
initiate {
- config = child-suiteb
+ config = child-v4
}
}
-configs {
- ike-ipv6 {
- proposal = aes128-sha1-modp1024
- lhost = 2001:0db8:aaaa:bbbb::0010
- rhost = 2001:0db8:aaaa:bbbb::0020
- lid = dut.strongswan.org
- rid = ls.strongswan.org
- child-ipv6 {
- lts = 2001:0db8:face:0010::/64
- rts = 2001:0db8:face:0020::/64
- }
- }
-}
-
actions {
initiate {
- config = child-ipv6
+ config = child-v6
}
}
-configs {
- ike-ipv6 {
- proposal = aes128-sha1-modp1024
- lhost = 2001:0db8:aaaa:bbbb::0020
- rhost = 2001:0db8:aaaa:bbbb::0010
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-ipv6 {
- lts = 2001:0db8:face:0020::/64
- rts = 2001:0db8:face:0010::/64
- }
- }
-}
-
hooks {
log_ts {
}
configs {
- ike-nomatch {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-nomatch {
+ ike-v4 {
+ child-v4 {
lts = 1.2.3.4/32
rts = 2.3.4.5/32
}
actions {
initiate {
- config = child-nomatch
+ config = child-v4
}
}
configs {
- ike-multits {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-multits {
+ ike-v4 {
+ child-v4 {
lts = 10.20.20.0/26,1.2.3.4/32
rts = 10.10.10.0/26,2.3.4.5/32
}
actions {
initiate {
- config = child-multits
+ config = child-v4
}
}
configs {
- ike-multits {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-multits {
+ ike-v4 {
+ child-v4 {
lts = 1.2.3.4/32,10.20.20.0/26
rts = 2.3.4.5/32,10.10.10.0/26
}
actions {
initiate {
- config = child-multits
+ config = child-v4
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.rsa.strongswan.org
ecdsa_strength = 256
- child-rsa {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.rsa.strongswan.org
- rid = dut.strongswan.org
- child-rsa {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-rsa
+ config = child-v4
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.256-256.strongswan.org
ecdsa_strength = 256
- child-256 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.256-256.strongswan.org
- rid = dut.strongswan.org
- child-256 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.256-384.strongswan.org
ecdsa_strength = 256
- child-256 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.256-384.strongswan.org
- rid = dut.strongswan.org
- child-256 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.rsa.strongswan.org
ecdsa_strength = 384
- child-rsa {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-rsa {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.rsa.strongswan.org
- rid = dut.strongswan.org
- child-rsa {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
rsa-ls-rsa = ls-rsa.key
}
-
actions {
initiate {
- config = child-rsa
+ config = child-v4
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
+ ike-v4 {
rid = ls.256-256.strongswan.org
ecdsa_strength = 384
- child-256 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
configs {
- ike-256 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
+ ike-v4 {
lid = ls.256-256.strongswan.org
- rid = dut.strongswan.org
- child-256 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
}
}
actions {
initiate {
- config = child-256
+ config = child-v4
}
}
configs {
- ike-384 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.10
- rhost = 172.16.1.20
- lid = dut.strongswan.org
- rid = ls.strongswan.org
+ ike-v4 {
ecdsa_strength = 384
- child-384 {
- lts = 10.10.10.0/24
- rts = 10.20.20.0/24
- }
}
}
-configs {
- ike-384 {
- proposal = aes128-sha1-modp1024
- lhost = 172.16.1.20
- rhost = 172.16.1.10
- lid = ls.strongswan.org
- rid = dut.strongswan.org
- child-384 {
- lts = 10.20.20.0/24
- rts = 10.10.10.0/24
- }
- }
-}
-
actions {
initiate {
- config = child-384
+ config = child-v4
}
}
projects / thirdparty / strongswan.git / commitdiff
