summaryrefslogtreecommitdiff
path: root/regress/sbin/ipsecctl/ike13.ok
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2008-07-01 15:00:55 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2008-07-01 15:00:55 +0000
commitec17add7bc79551b55da5b3f390fa5e620127244 (patch)
treed6dd3dac752697b62aeac06e0d235f2631a6fcfd /regress/sbin/ipsecctl/ike13.ok
parent9c78cb2146f35e6ffd5b0e0a09831b3f586c8f15 (diff)
Isakmpd acquire mode did not work with a config generated from
ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd
Diffstat (limited to 'regress/sbin/ipsecctl/ike13.ok')
-rw-r--r--regress/sbin/ipsecctl/ike13.ok96
1 files changed, 48 insertions, 48 deletions
diff --git a/regress/sbin/ipsecctl/ike13.ok b/regress/sbin/ipsecctl/ike13.ok
index 9e8900effb5..29d0cb1baea 100644
--- a/regress/sbin/ipsecctl/ike13.ok
+++ b/regress/sbin/ipsecctl/ike13.ok
@@ -2,57 +2,57 @@ FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Configuration=qm-2.2.2.0/24-1.1.1.1 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Local-ID=lid-2.2.2.0/24 force
-C set [IPsec-2.2.2.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-2.2.2.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-2.2.2.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-2.2.2.0/24]:Network=2.2.2.0 force
-C set [lid-2.2.2.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-2.2.2.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Configuration=phase2-from-2.2.2.0/24-to-1.1.1.1 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Local-ID=from-2.2.2.0/24 force
+C set [from-2.2.2.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-2.2.2.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-2.2.2.0/24]:Network=2.2.2.0 force
+C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-2.2.2.0/24-to-1.1.1.1
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Configuration=qm-3.3.3.0/24-1.1.1.1 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Local-ID=lid-3.3.3.0/24 force
-C set [IPsec-3.3.3.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-3.3.3.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-3.3.3.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-3.3.3.0/24]:Network=3.3.3.0 force
-C set [lid-3.3.3.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-3.3.3.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Configuration=phase2-from-3.3.3.0/24-to-1.1.1.1 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Local-ID=from-3.3.3.0/24 force
+C set [from-3.3.3.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-3.3.3.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-3.3.3.0/24]:Network=3.3.3.0 force
+C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-3.3.3.0/24-to-1.1.1.1
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
-C set [peer-1.1.1.1]:Configuration=mm-1.1.1.1 force
-C set [mm-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
-C add [mm-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Phase=2 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Configuration=qm-4.4.4.0/24-1.1.1.1 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Local-ID=lid-4.4.4.0/24 force
-C set [IPsec-4.4.4.0/24-1.1.1.1]:Remote-ID=rid-1.1.1.1 force
-C set [qm-4.4.4.0/24-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
-C set [qm-4.4.4.0/24-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
-C set [lid-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
-C set [lid-4.4.4.0/24]:Network=4.4.4.0 force
-C set [lid-4.4.4.0/24]:Netmask=255.255.255.0 force
-C set [rid-1.1.1.1]:ID-type=IPV4_ADDR force
-C set [rid-1.1.1.1]:Address=1.1.1.1 force
-C add [Phase 2]:Connections=IPsec-4.4.4.0/24-1.1.1.1
+C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
+C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
+C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Phase=2 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:ISAKMP-peer=peer-1.1.1.1 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Configuration=phase2-from-4.4.4.0/24-to-1.1.1.1 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Local-ID=from-4.4.4.0/24 force
+C set [from-4.4.4.0/24-to-1.1.1.1]:Remote-ID=to-1.1.1.1 force
+C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:EXCHANGE_TYPE=QUICK_MODE force
+C set [phase2-from-4.4.4.0/24-to-1.1.1.1]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [from-4.4.4.0/24]:Network=4.4.4.0 force
+C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
+C set [to-1.1.1.1]:ID-type=IPV4_ADDR force
+C set [to-1.1.1.1]:Address=1.1.1.1 force
+C add [Phase 2]:Connections=from-4.4.4.0/24-to-1.1.1.1
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-17 00:08:30 +0000