peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create("android", &child);
- /* create ESP proposals with and without DH groups, let responder decide
- * if PFS is used */
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128gcm16-aes256gcm16-chacha20poly1305-"
- "curve25519-ecp256-modp3072"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-sha256-curve25519-ecp256-modp3072"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes256-sha384-ecp521-modp8192"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
- "curve25519-ecp256-ecp384-ecp521-"
- "modp2048-modp3072-modp4096"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128gcm16-aes256gcm16-chacha20poly1305"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-sha256"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes256-sha384"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+ proposal = parse_proposal(this, PROTO_ESP, "connection.esp_proposal");
+ if (proposal)
+ {
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ else
+ { /* create ESP proposals with and without DH groups, let responder decide
+ * if PFS is used */
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128gcm16-aes256gcm16-chacha20poly1305-"
+ "curve25519-ecp256-modp3072"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-sha256-curve25519-ecp256-modp3072"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes256-sha384-ecp521-modp8192"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
+ "curve25519-ecp256-ecp384-ecp521-"
- "modp2048-modp3072-modp4096-modp1024"));
++ "modp2048-modp3072-modp4096"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128gcm16-aes256gcm16-chacha20poly1305"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-sha256"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes256-sha384"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+ }
ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);