adapted IKEv2 scenarios to new crypto proposal output
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 20 May 2009 06:04:01 +0000 (08:04 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 20 May 2009 06:04:01 +0000 (08:04 +0200)
32 files changed:
testing/tests/ikev2/alg-aes-xcbc/description.txt
testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
testing/tests/ikev2/alg-blowfish/description.txt [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/evaltest.dat [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/posttest.dat [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/pretest.dat [new file with mode: 0644]
testing/tests/ikev2/alg-blowfish/test.conf [new file with mode: 0644]
testing/tests/ikev2/crl-strict/description.txt [deleted file]
testing/tests/ikev2/crl-strict/evaltest.dat [deleted file]
testing/tests/ikev2/crl-strict/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/crl-strict/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/crl-strict/posttest.dat [deleted file]
testing/tests/ikev2/crl-strict/pretest.dat [deleted file]
testing/tests/ikev2/crl-strict/test.conf [deleted file]
testing/tests/ikev2/esp-alg-aes-ccm/description.txt
testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat
testing/tests/ikev2/esp-alg-aes-gcm/description.txt
testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat
testing/tests/ikev2/esp-alg-camellia/description.txt
testing/tests/ikev2/esp-alg-camellia/evaltest.dat
testing/tests/ikev2/esp-alg-null/description.txt
testing/tests/openssl/alg-blowfish/evaltest.dat
testing/tests/openssl/ike-alg-ecp-high/evaltest.dat
testing/tests/openssl/ike-alg-ecp-low/evaltest.dat
testing/tests/pfkey/alg-aes-xcbc/description.txt
testing/tests/pfkey/alg-aes-xcbc/evaltest.dat

index 24a4afe..cce0e1c 100644 (file)
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC-256/AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
+<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
 in ipsec.conf. The same cipher suite is used for IKE: <b>ike=aes256-aesxcbc-modp2048</b>.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
index f40336d..c0b1f31 100644 (file)
@@ -1,9 +1,9 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
-moon::ipsec statusall::rw.*AES_CBC-256/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC-256/AES_XCBC_96,::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
+moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES
+carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES
 moon::ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/alg-blowfish/description.txt b/testing/tests/ikev2/alg-blowfish/description.txt
new file mode 100644 (file)
index 0000000..24b50b9
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption.  Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat
new file mode 100644 (file)
index 0000000..a1f9f6a
--- /dev/null
@@ -0,0 +1,16 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256::YES
+carol::ipsec statusall::BLOWFISH_CBC_192.*,::YES
+carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128::YES
+dave::ipsec statusall::BLOWFISH_CBC_128.*,::YES
+dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..b3b0551
--- /dev/null
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+       charondebug="enc 4, ike 4"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=blowfish256-sha512-modp2048!
+       esp=blowfish192-sha256!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e9829d5
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 gmp curl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..26f3f3a
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=blowfish128-sha256-modp1536!
+       esp=blowfish128-sha1!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e9829d5
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 gmp curl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..d7d8d83
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+       charondebug="enc 4, ike 4, cfg 2"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
+       esp=blowfish192-sha256,blowfish128-sha1!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e9829d5
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 gmp curl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev2/alg-blowfish/posttest.dat b/testing/tests/ikev2/alg-blowfish/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/alg-blowfish/pretest.dat b/testing/tests/ikev2/alg-blowfish/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev2/alg-blowfish/test.conf b/testing/tests/ikev2/alg-blowfish/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/crl-strict/description.txt b/testing/tests/ikev2/crl-strict/description.txt
deleted file mode 100644 (file)
index b2b7090..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b>, a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/crl-strict/evaltest.dat b/testing/tests/ikev2/crl-strict/evaltest.dat
deleted file mode 100644 (file)
index ac70750..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-moon::ipsec listcrls:: ok::YES
-carol::ipsec listcrls:: ok::YES
diff --git a/testing/tests/ikev2/crl-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-strict/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index fbb9cd7..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-
-conn home
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       auto=add
diff --git a/testing/tests/ikev2/crl-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-strict/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 072c57c..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-
-conn net-net
-       leftsubnet=10.1.0.0/16
-       right=PH_IP_SUN
-       rightsubnet=10.2.0.0/16
-       rightid=@sun.strongswan.org
-       auto=add
-        
-conn host-host
-       right=PH_IP_SUN
-       rightid=@sun.strongswan.org
-       auto=add
-
-conn rw
-       leftsubnet=10.1.0.0/16
-       right=%any
-       auto=add
diff --git a/testing/tests/ikev2/crl-strict/posttest.dat b/testing/tests/ikev2/crl-strict/posttest.dat
deleted file mode 100644 (file)
index c6d6235..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev2/crl-strict/pretest.dat b/testing/tests/ikev2/crl-strict/pretest.dat
deleted file mode 100644 (file)
index 8984dcb..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 1 
-carol::ipsec up home
diff --git a/testing/tests/ikev2/crl-strict/test.conf b/testing/tests/ikev2/crl-strict/test.conf
deleted file mode 100644 (file)
index 2b240d8..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
index cb08a93..9fe03b0 100644 (file)
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CCM_12-128</b> by defining <b>esp=aes128gcm12-modp2048</b> or alternatively
-<b>esp=aes128gcm96-modp2048</b> in ipsec.conf.
+<b>AES_CCM_12_128</b> by defining <b>esp=aes128ccm12-modp2048</b> or alternatively
+<b>esp=aes128ccm96-modp2048</b> in ipsec.conf.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
index dc50321..9a1c6b8 100644 (file)
@@ -1,5 +1,5 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::AES_CCM_12-128::YES
-carol::ipsec statusall::AES_CCM_12-128::YES
+moon::ipsec statusall::AES_CCM_12_128::YES
+carol::ipsec statusall::AES_CCM_12_128::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
index 721f3c6..bd9521e 100644 (file)
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>AES_GCM_16-256</b> by defining <b>esp=aes256gcm16-modp2048</b> or alternatively
+<b>AES_GCM_16_256</b> by defining <b>esp=aes256gcm16-modp2048</b> or alternatively
 <b>esp=aes256gcm128-modp2048</b> in ipsec.conf.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
index 8f007b9..12a2dab 100644 (file)
@@ -1,5 +1,5 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::AES_GCM_16-256::YES
-carol::ipsec statusall::AES_GCM_16-256::YES
+moon::ipsec statusall::AES_GCM_16_256::YES
+carol::ipsec statusall::AES_GCM_16_256::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
index 98a019f..e79bc4f 100644 (file)
@@ -1,3 +1,3 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>CAMELLIA_CBC-192/HMAC_SHA1_96</b> by defining <b>esp=camellia192-sha1</b> in ipsec.conf.
+<b>CAMELLIA_CBC_192 / HMAC_SHA1_96</b> by defining <b>esp=camellia192-sha1</b> in ipsec.conf.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
index dfaf272..a8a78e2 100644 (file)
@@ -1,7 +1,7 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::CAMELLIA_CBC-192/HMAC_SHA1_96::YES
-carol::ipsec statusall::CAMELLIA_CBC-192/HMAC_SHA1_96::YES
+moon::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES
+carol::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES
 moon::ip xfrm state::enc cbc(camellia)::YES
 carol::ip xfrm state::enc cbc(camellia)::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
index 3f1b35e..8fd2030 100644 (file)
@@ -1,3 +1,3 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
-<b>NULL/HMAC_SHA1_96</b> by defining <b>esp=null-sha1</b> in ipsec.conf.
+<b>NULL / HMAC_SHA1_96</b> by defining <b>esp=null-sha1</b> in ipsec.conf.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
index 547e967..a1f9f6a 100644 (file)
@@ -1,11 +1,11 @@
 moon::ipsec statusall::rw.*ESTABLISHED::YES
 carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::IKE proposal: BLOWFISH-256::YES
-carol::ipsec statusall::BLOWFISH-192.*,::YES
+carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256::YES
+carol::ipsec statusall::BLOWFISH_CBC_192.*,::YES
 carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
 dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::IKE proposal: BLOWFISH-128::YES
-dave::ipsec statusall::BLOWFISH-128.*,::YES
+dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128::YES
+dave::ipsec statusall::BLOWFISH_CBC_128.*,::YES
 dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
index e40e754..0099364 100644 (file)
@@ -2,9 +2,9 @@ carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES
 dave::cat /var/log/daemon.log::ECP_256.*ECP_521::YES
 moon::ipsec statusall::rw.*ESTABLISHED::YES
 carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC-192/AUTH_HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
+carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
 dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC-256/AUTH_HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
+dave::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
index c8b1a79..e2073d9 100644 (file)
@@ -2,9 +2,9 @@ carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES
 dave::cat /var/log/daemon.log::ECP_192.*ECP_256::YES
 moon::ipsec statusall::rw.*ESTABLISHED::YES
 carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC-128/AUTH_HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
+carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
 dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC-128/AUTH_HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
+dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
index 24a4afe..cce0e1c 100644 (file)
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC-256/AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
+<b>AES_CBC_256 / AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
 in ipsec.conf. The same cipher suite is used for IKE: <b>ike=aes256-aesxcbc-modp2048</b>.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
index f40336d..c0b1f31 100644 (file)
@@ -1,9 +1,9 @@
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
-moon::ipsec statusall::rw.*AES_CBC-256/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC-256/AES_XCBC_96,::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048::YES
+moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES
+carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES
 moon::ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES