Allow x25519 as an alias of the curve25519 KE algorithm
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 20 Mar 2017 06:24:29 +0000 (07:24 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 20 Mar 2017 20:18:00 +0000 (21:18 +0100)
84 files changed:
src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
testing/tests/swanctl/config-payload/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/config-payload/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/ip-pool-db/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/ip-pool-db/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/ip-pool-db/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/ip-pool/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/ip-pool/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/ip-pool/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/manual-prio/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/manual-prio/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/manual-prio/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-gw/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-gw/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-multicast/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-multicast/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-route/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-route/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-start/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/net2net-start/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/protoport-dual/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/protoport-dual/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/protoport-range/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/protoport-range/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-dnssec/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-dnssec/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-dnssec/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/swanctl/swanctl.conf
testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/swanctl/swanctl.conf
testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/swanctl/swanctl.conf
testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/swanctl/swanctl.conf
testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/swanctl/swanctl.conf

index 8ceff3b..c44ed96 100644 (file)
@@ -164,6 +164,7 @@ ecp256bp,         DIFFIE_HELLMAN_GROUP, ECP_256_BP,                0
 ecp384bp,         DIFFIE_HELLMAN_GROUP, ECP_384_BP,                0
 ecp512bp,         DIFFIE_HELLMAN_GROUP, ECP_512_BP,                0
 curve25519,       DIFFIE_HELLMAN_GROUP, CURVE_25519,               0
+x25519,           DIFFIE_HELLMAN_GROUP, CURVE_25519,               0
 ntru112,          DIFFIE_HELLMAN_GROUP, NTRU_112_BIT,              0
 ntru128,          DIFFIE_HELLMAN_GROUP, NTRU_128_BIT,              0
 ntru192,          DIFFIE_HELLMAN_GROUP, NTRU_192_BIT,              0
index 28d1935..c7218e4 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128ccm96-aesxcbc-curve25519!
-       esp=aes128ccm96-curve25519!
+       ike=aes128ccm96-aesxcbc-x25519!
+       esp=aes128ccm96-x25519!
 
 conn home
        left=PH_IP_CAROL
index c674ecc..fdffa0f 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128ccm12-aesxcbc-curve25519!
-       esp=aes128ccm12-curve25519!
+       ike=aes128ccm12-aesxcbc-x25519!
+       esp=aes128ccm12-x25519!
 
 conn rw
        left=PH_IP_MOON
index 1650861..b5aabdd 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128ctr-aesxcbc-curve25519!
-       esp=aes128ctr-aesxcbc-curve25519!
+       ike=aes128ctr-aesxcbc-x25519!
+       esp=aes128ctr-aesxcbc-x25519!
 
 conn home
        left=PH_IP_CAROL
index 73afe98..650b346 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128ctr-aesxcbc-curve25519!
-       esp=aes128ctr-aesxcbc-curve25519!
+       ike=aes128ctr-aesxcbc-x25519!
+       esp=aes128ctr-aesxcbc-x25519!
 
 conn rw
        left=PH_IP_MOON
index 47f8f7f..c6bc925 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes256gcm128-aesxcbc-curve25519!
-       esp=aes256gcm128-curve25519!
+       ike=aes256gcm128-aesxcbc-x25519!
+       esp=aes256gcm128-x25519!
 
 conn home
        left=PH_IP_CAROL
index 78ef621..1597aae 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes256gcm16-aesxcbc-curve25519!
-       esp=aes256gcm16-curve25519!
+       ike=aes256gcm16-aesxcbc-x25519!
+       esp=aes256gcm16-x25519!
 
 conn rw
        left=PH_IP_MOON
index f71f7b3..93bafce 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-aesxcbc-curve25519!
-       esp=aes128-aesxcbc-curve25519!
+       ike=aes128-aesxcbc-x25519!
+       esp=aes128-aesxcbc-x25519!
 
 conn home
        left=PH_IP_CAROL
index a9ddd6a..13a1798 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-aesxcbc-curve25519!
-       esp=aes128-aesxcbc-curve25519!
+       ike=aes128-aesxcbc-x25519!
+       esp=aes128-aesxcbc-x25519!
 
 conn rw
        left=PH_IP_MOON
index e2557dc..6a1a1ad 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-sha256-curve25519!
-       esp=aes128-sha256_96-curve25519!
+       ike=aes128-sha256-x25519!
+       esp=aes128-sha256_96-x25519!
 
 conn home
        left=PH_IP_CAROL
index c1d8d33..41919c8 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-sha256-curve25519!
-       esp=aes128-sha256_96-curve25519!
+       ike=aes128-sha256-x25519!
+       esp=aes128-sha256_96-x25519!
 
 conn rw
        left=PH_IP_MOON
index 1bae940..b3548db 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-sha256-curve25519!
-       esp=aes128-sha256-curve25519!
+       ike=aes128-sha256-x25519!
+       esp=aes128-sha256-x25519!
 
 conn home
        left=PH_IP_CAROL
index 1a1d99a..da8bff0 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-sha256-curve25519!
-       esp=aes128-sha256-curve25519!
+       ike=aes128-sha256-x25519!
+       esp=aes128-sha256-x25519!
 
 conn rw
        left=PH_IP_MOON
index ddeb092..e9122d4 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes192-sha384-curve25519!
-       esp=aes192-sha384-curve25519!
+       ike=aes192-sha384-x25519!
+       esp=aes192-sha384-x25519!
 
 conn home
        left=PH_IP_CAROL
index 8041548..e4b5273 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes192-sha384-curve25519!
-       esp=aes192-sha384-curve25519!
+       ike=aes192-sha384-x25519!
+       esp=aes192-sha384-x25519!
 
 conn rw
        left=PH_IP_MOON
index 95edc62..ebe0c27 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes256-aesxcbc-curve25519!
-       esp=aes256gmac-curve25519!
+       ike=aes256-aesxcbc-x25519!
+       esp=aes256gmac-x25519!
 
 conn home
        left=PH_IP_CAROL
index c3042f2..1fdb1bd 100644 (file)
@@ -8,8 +8,8 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes256-aesxcbc-curve25519!
-       esp=aes256gmac-curve25519!
+       ike=aes256-aesxcbc-x25519!
+       esp=aes256gmac-x25519!
 
 conn rw
        left=PH_IP_MOON
index e367cbf..9991b0b 100644 (file)
@@ -8,7 +8,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-sha256-curve25519!
+       ike=aes128-sha256-x25519!
        esp=null-sha256!
 
 conn home
index 84cad9a..2a2c4cb 100644 (file)
@@ -8,7 +8,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
-       ike=aes128-sha256-curve25519!
+       ike=aes128-sha256-x25519!
        esp=null-sha256!
 
 conn rw
index b97935a..3e71395 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 71631b3..c9e3c2b 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index b97935a..3e71395 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 71631b3..c9e3c2b 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 82f41ca..8b62b8d 100755 (executable)
@@ -17,10 +17,10 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index b97935a..3e71395 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 71631b3..c9e3c2b 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index d6f178a..de22502 100755 (executable)
@@ -17,10 +17,10 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index b97935a..3e71395 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 71631b3..c9e3c2b 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index bd65025..e700296 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 8179771..810dfe9 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
             priority = 2
 
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 
    shunts {
index 28c8eaa..c56a34c 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 
    shunts {
index 560627a..0245fda 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             interface = eth0
             policies_fwd_out = yes
 
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 
    shunts {
index 648941f..4865330 100755 (executable)
@@ -23,10 +23,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 902e5f0..7aa09c2 100755 (executable)
@@ -23,10 +23,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index e9c9d26..1b801e9 100755 (executable)
@@ -21,10 +21,10 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 7f188e1..bcc2742 100755 (executable)
@@ -22,12 +22,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index d784bbd..12cee0f 100755 (executable)
@@ -22,12 +22,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 7f188e1..bcc2742 100755 (executable)
@@ -22,12 +22,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index d784bbd..12cee0f 100755 (executable)
@@ -22,12 +22,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index ed6e6f4..cdf6bca 100755 (executable)
@@ -16,12 +16,12 @@ connections {
             remote_ts = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
    gw-sun {
       local {
index 317a45d..404af8e 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.2.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 391cbed..6f41f1f 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 63a500e..b27593d 100755 (executable)
@@ -24,12 +24,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 6832a23..4b578d0 100755 (executable)
@@ -24,12 +24,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index f595e14..2e1b765 100755 (executable)
@@ -20,11 +20,11 @@ connections {
 
             start_action = trap 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 5615986..3a52335 100755 (executable)
@@ -20,11 +20,11 @@ connections {
 
             start_action = none
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 7f188e1..bcc2742 100755 (executable)
@@ -22,12 +22,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index d784bbd..12cee0f 100755 (executable)
@@ -22,12 +22,12 @@ connections {
             rekey_time = 5400
             rekey_bytes = 500000000
             rekey_packets = 1000000
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
       reauth_time = 10800
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 5262e24..a72957b 100755 (executable)
@@ -20,11 +20,11 @@ connections {
 
             start_action = start 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 5615986..3a52335 100755 (executable)
@@ -20,11 +20,11 @@ connections {
 
             start_action = none
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       mobike = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 4b19e93..6fd2297 100644 (file)
@@ -18,11 +18,11 @@ connections {
          home {
             remote_ts = 10.1.0.0/16 
 
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 7593ab0..7103071 100755 (executable)
@@ -16,10 +16,10 @@ connections {
          net {
             local_ts  = 10.1.0.0/16 
 
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 4b19e93..6fd2297 100644 (file)
@@ -18,11 +18,11 @@ connections {
          home {
             remote_ts = 10.1.0.0/16 
 
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 7593ab0..7103071 100755 (executable)
@@ -16,10 +16,10 @@ connections {
          net {
             local_ts  = 10.1.0.0/16 
 
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 6c348bf..e0cc292 100755 (executable)
@@ -19,17 +19,17 @@ connections {
             remote_ts = 10.1.0.0/16[icmp]
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
          ssh {
             local_ts  = dynamic[tcp]
             remote_ts = 10.1.0.0/16[tcp/ssh]
             
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index ba647f3..7851f43 100755 (executable)
@@ -18,7 +18,7 @@ connections {
 
             hostaccess = yes
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
          ssh {
             local_ts  = 10.1.0.0/16[tcp/ssh]
@@ -26,10 +26,10 @@ connections {
 
             hostaccess = yes
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index a4993e4..a752c26 100755 (executable)
@@ -19,24 +19,24 @@ connections {
             remote_ts = 10.1.0.0/16[icmp/2048]
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
          icmp-rep {
             local_ts  = dynamic[icmp/0]
             remote_ts = 10.1.0.0/16[icmp/0]
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
          ftp-ssh {
             local_ts  = dynamic[tcp/32768-65535]
             remote_ts = 10.1.0.0/16[tcp/21-22]
             
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 510a5cf..3d140a3 100755 (executable)
@@ -18,7 +18,7 @@ connections {
 
             hostaccess = yes
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
          icmp-rep {
             local_ts  = 10.1.0.0/16[icmp/0]
@@ -26,7 +26,7 @@ connections {
 
             hostaccess = yes
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
          ftp-ssh {
             local_ts  = 10.1.0.0/16[tcp/21-22]
@@ -34,10 +34,10 @@ connections {
 
             hostaccess = yes
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 80c99d9..5484bc8 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 484c352..2c5c8f3 100755 (executable)
@@ -18,10 +18,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index fa8a1fc..b938f0d 100755 (executable)
@@ -16,10 +16,10 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 75ffc28..edb9710 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index a7d52b6..b894dc7 100755 (executable)
@@ -19,10 +19,10 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index dd075e5..6b1a2c2 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 07d35e4..173b7ff 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       send_certreq = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 4c1e07b..04042cd 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       send_certreq = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 8e8260b..9070fc3 100755 (executable)
@@ -16,11 +16,11 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
       send_certreq = no
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 5bee1f5..f01ee12 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 99c5b9e..ac16338 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 0f8e059..530abbd 100755 (executable)
@@ -16,11 +16,11 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index e4e15ba..61d8150 100755 (executable)
@@ -17,10 +17,10 @@ connections {
             remote_ts = 10.1.0.0/28 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128-sha256-curve25519
+            esp_proposals = aes128-sha256-x25519
          }
       }
       version = 1
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
index 63d87c3..76a6c89 100755 (executable)
@@ -15,11 +15,11 @@ connections {
             local_ts  = 10.1.0.0/28
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128-sha256-curve25519
+            esp_proposals = aes128-sha256-x25519
          }
       }
       version = 1 
-      proposals = aes128-sha256-curve25519,3des-sha1-modp2048
+      proposals = aes128-sha256-x25519,3des-sha1-modp2048
    }
 
    rw-2 {
@@ -40,6 +40,6 @@ connections {
          }
       }
       version = 1
-      proposals = 3des-sha1-modp2048,aes128-sha256-curve25519
+      proposals = 3des-sha1-modp2048,aes128-sha256-x25519
    }
 }
index 870ae3f..cfa7f7e 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index b3eecc7..0a8499c 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index bd22f41..1094172 100755 (executable)
@@ -15,11 +15,11 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index fd28810..35fbfda 100755 (executable)
@@ -15,11 +15,11 @@ connections {
             remote_ts = 10.1.0.0/28 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 1
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 10dfc77..cd9c455 100755 (executable)
@@ -15,11 +15,11 @@ connections {
             local_ts  = 10.1.0.0/28
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 1 
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 
    rw-2 {
index 5dbbd0b..467a869 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index 3fed612..a9e866f 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             remote_ts = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index a86ee74..cb36d6c 100755 (executable)
@@ -14,11 +14,11 @@ connections {
             local_ts  = 10.1.0.0/16 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index a7cba5b..c5c67cf 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 0.0.0.0/0 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 
    local-net {
index 1e94c2f..1edbf33 100755 (executable)
@@ -17,11 +17,11 @@ connections {
             local_ts  = 0.0.0.0/0
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 }
 
index a582f84..9f925e9 100755 (executable)
@@ -18,11 +18,11 @@ connections {
             remote_ts = 0.0.0.0/0 
 
             updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-curve25519
+            esp_proposals = aes128gcm128-x25519
          }
       }
       version = 2
-      proposals = aes128-sha256-curve25519
+      proposals = aes128-sha256-x25519
    }
 
    local-net {