summaryrefslogtreecommitdiff
path: root/regress/sbin/ipsecctl/ike13.ok
diff options
context:
space:
mode:
authorMike Belopuhov <mikeb@cvs.openbsd.org>2016-09-02 10:58:25 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2016-09-02 10:58:25 +0000
commit56f28f766a104de242772ba512b58e0410e7f8e2 (patch)
tree90424af10c88eb2bdb609854bf6f14aadaf3369f /regress/sbin/ipsecctl/ike13.ok
parenta6926e5ed7679b4dd62d63ca53d464717f1437f0 (diff)
Adjust for the new default MODP group
Diffstat (limited to 'regress/sbin/ipsecctl/ike13.ok')
-rw-r--r--regress/sbin/ipsecctl/ike13.ok84
1 files changed, 42 insertions, 42 deletions
diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok
index d5630128a60..ac6b8d03e5d 100644
--- a/regress/sbin/ipsecctl/ike13.ok
+++ b/regress/sbin/ipsecctl/ike13.ok
@@ -4,13 +4,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force
C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force
@@ -20,13 +20,13 @@ C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=phase2-suite-from-2.2.2.0/24-to-1.1.1.1 force
C set [phase2-suite-from-2.2.2.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-2.2.2.0/24-to-1.1.1.1 force
C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-2.2.2.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase2-transform-from-2.2.2.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-2.2.2.0/24]:Network=2.2.2.0 force
C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
@@ -38,13 +38,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force
C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force
@@ -54,13 +54,13 @@ C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=phase2-suite-from-3.3.3.0/24-to-1.1.1.1 force
C set [phase2-suite-from-3.3.3.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-3.3.3.0/24-to-1.1.1.1 force
C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-3.3.3.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase2-transform-from-3.3.3.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-3.3.3.0/24]:Network=3.3.3.0 force
C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
@@ -72,13 +72,13 @@ C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
+C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force
C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force
@@ -88,13 +88,13 @@ C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=phase2-suite-from-4.4.4.0/24-to-1.1.1.1 force
C set [phase2-suite-from-4.4.4.0/24-to-1.1.1.1]:Protocols=phase2-protocol-from-4.4.4.0/24-to-1.1.1.1 force
C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:PROTOCOL_ID=IPSEC_ESP force
-C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
-C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
+C set [phase2-protocol-from-4.4.4.0/24-to-1.1.1.1]:Transforms=phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
+C set [phase2-transform-from-4.4.4.0/24-to-1.1.1.1-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-4.4.4.0/24]:Network=4.4.4.0 force
C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-17 11:15:07 +0000